Aimovoria
just joined
Topic Author
Posts: 1
Joined: Thu May 26, 2022 2:31 pm

Webserver (cannot get internally to intranet site via mobile phones) + other stuff..

Thu May 26, 2022 3:54 pm

Hi Mikrotik Community,

I came in after a few IT members who had already quit the job. Now it is my time here and I'm trying to understand a few things, but I'm pretty much failing. I would like you to critique and point out what needs to be changed, because I have some problems with the network here. A few of them I'm trying to sort out:
- sometimes weird behavior of DHCP distribution (where it sometimes distributes normally without problems and sometimes it doesn't, mostly on the 192.168.0.0/24 - 192.168.10.1/24 dhcp-pool),
- from what I see there are plenty of firewall rules, some of which are important, like these where it says (rejestrator [surveillance video recorder] - it has to be visible inside/outside [outside for mobile phones to check live video recordings])
- also, since today, when I and two programmers spent a few hours trying to understand what the problem is, we cannot see the internal webserver. It has to be visible mostly for mobile phones which will connect to the guest wifi (in this case the 192.168.60.0/24 pool). I probably have an issue with DNS resolving, because on domain PCs / laptops it is visible, but not on guests' mobile phones (company co-workers). For now this is the most important thing for me, because we cannot start with the API. From what I saw, it has something to do with Hairpin NAT, right?

We are also using CAPSMAN here and have quite a few APs.
I must point out that I'm quite inexperienced, which is why I'm quite miserably asking for help checking the attached code, exported via this line of code: "/export hide-sensitive compact file=XXXX.cfg".

# may/26/2022 13:16:47 by RouterOS 6.47.9
# software id = UXBG-R1U1
#
# model = CCR1009-7G-1C-1S+
# serial number = 
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=Channel_1
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2442 name=Channel_7
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2472 name=\
    Channel_13
add band=5ghz-a/n control-channel-width=20mhz frequency=5180 name=\
    Channel_36_5GHz
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2417 name=Channel_2
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2422 name=Channel_3
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2427 name=Channel_4
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2432 name=Channel_5
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437 name=Channel_6
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2447 name=Channel_8
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2452 name=Channel_9
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2457 name=\
    Channel_10
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2462 name=\
    Channel_11
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2467 name=\
    Channel_12
/caps-man datapath
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_MM vlan-id=60 vlan-mode=use-tag
add arp=proxy-arp client-to-client-forwarding=yes local-forwarding=yes name=\
    datapath_cfg
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_to_vlan_30 vlan-id=30 vlan-mode=use-tag
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_to_vlan_40 vlan-id=40 vlan-mode=use-tag
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_to_vlan_100 vlan-id=100 vlan-mode=use-tag
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_to_vlan_20 vlan-id=20 vlan-mode=use-tag
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_to_vlan_60 vlan-id=60 vlan-mode=use-tag
add arp=proxy-arp client-to-client-forwarding=no local-forwarding=yes name=\
    datapath_czytnik vlan-id=60 vlan-mode=use-tag
/interface bridge
add arp=proxy-arp name=br-Trunk
add arp=proxy-arp name=br-mgmt vlan-filtering=yes
add arp=proxy-arp name=bridge1
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp comment=ether1 name=WAN1
set [ find default-name=ether2 ] arp=proxy-arp comment=ether2 name=WAN2
set [ find default-name=combo1 ] arp=proxy-arp
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] arp=proxy-arp
set [ find default-name=ether5 ] arp=proxy-arp
set [ find default-name=ether6 ] arp=proxy-arp
set [ find default-name=ether7 ] arp=proxy-arp
set [ find default-name=sfp-sfpplus1 ] arp=proxy-arp
/interface eoip
add allow-fast-path=no local-address=77.65.116.226 mac-address=\
    02:38:91:B1:AD:93 name=eoip-tunnel1 remote-address=212.244.79.1 \
    tunnel-id=0
/interface vlan
add arp=proxy-arp comment=VLAN_Desktops interface=br-Trunk name=VLAN_10 \
    vlan-id=10
add arp=proxy-arp comment=VLAN_Maszyny_produkcja interface=br-Trunk name=\
    VLAN_20 vlan-id=20
add arp=proxy-arp comment=VLAN_Printers_Q-NAP_S-NAS_Serwer interface=br-Trunk \
    name=VLAN_30 vlan-id=30
add arp=proxy-arp comment=VLAN_WiFi_MM interface=br-Trunk name=VLAN_40 \
    vlan-id=40
add arp=proxy-arp comment=VLAN_Kamery_test interface=br-Trunk name=VLAN_50 \
    vlan-id=50
add arp=proxy-arp comment=VLAN_WiFi_Guest interface=br-Trunk name=VLAN_60 \
    vlan-id=60
add arp=proxy-arp comment="VLAN Core MM" interface=br-Trunk name=VLAN_100 \
    vlan-id=100
add arp=proxy-arp comment=VLAN_200_MGMT_ID_1 interface=br-Trunk loop-protect=\
    on name=VLAN_200_MGMT vlan-id=1
/caps-man datapath
add bridge=br-Trunk name=datapath_Guest
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=\
    aes-ccm,tkip name=security_cap_MM
add authentication-types=wpa-psk,wpa2-psk encryption=\
    aes-ccm,tkip name=security_cap_Guest
add authentication-types=wpa-psk,wpa2-psk encryption=\
    aes-ccm,tkip name=security_StacjaPaliw
add authentication-types=wpa-psk,wpa2-psk \
    encryption=aes-ccm,tkip name=security_Centrum
add authentication-types=wpa-psk,wpa2-psk encryption=\
    aes-ccm,tkip name=security_czytniki
add authentication-types=wpa-psk,wpa2-psk \
    encryption=aes-ccm,tkip name=security_Stolarnia
add authentication-types=wpa-psk,wpa2-psk \
    encryption=aes-ccm,tkip name=security_biuro_01a
/caps-man configuration
add channel=Channel_7 country=poland datapath=datapath_to_vlan_40 mode=ap \
    name=cfg_MM security=security_cap_MM ssid=WiFi_MM
add channel=Channel_7 country=poland datapath=datapath_to_vlan_60 mode=ap \
    name=cfg_MM_Guest security=security_cap_Guest ssid=WiFi_MM_Guest
add channel=Channel_7 country=poland datapath=datapath_to_vlan_30 mode=ap \
    name=cfg_MM_VLAN30 security=security_cap_MM ssid=WiFi_MM_V30
add channel=Channel_7 country=poland datapath=datapath_to_vlan_40 mode=ap \
    name=cfg_MM_VLAN40 security=security_cap_MM ssid=WiFi_MM_V40
add channel=Channel_7 country=poland datapath=datapath_to_vlan_100 mode=ap \
    name=cfg_MM_VLAN100 security=security_cap_MM ssid=WiFi_MM_V100
add channel=Channel_7 country=poland datapath=datapath_to_vlan_20 mode=ap \
    name=cfg_MM_VLAN20 security=security_cap_MM ssid=WiFi_MM_V20
add channel=Channel_7 country=poland datapath=datapath_to_vlan_100 mode=ap \
    name=cfg_MM_CZYTNIK security=security_czytniki ssid=WiFi_MM_CZYTNIK
add channel=Channel_7 country=poland datapath=datapath_to_vlan_40 mode=ap \
    name=cfg_MM_biuro_01a security=security_biuro_01a ssid=biuro_01a
add channel=Channel_36_5GHz country=poland datapath=datapath_to_vlan_60 mode=\
    ap name=cfg_MM_Guest_5GHz security=security_cap_Guest ssid=\
    WiFi_MM_Guest_5GHz
add channel=Channel_1 country=poland datapath=datapath_to_vlan_40 mode=ap \
    name=cfg_MM_StacjaPaliw security=security_StacjaPaliw ssid=WiFi_MM_ON
add datapath=datapath_to_vlan_20 mode=ap name=cfg_MM_Centrum security=\
    security_Centrum ssid=WiFi_CENTRUM
add channel=Channel_7 country=poland datapath=datapath_to_vlan_60 mode=ap \
    name=cfg_MM_VLAN60 security=security_cap_MM ssid=WiFi_MM_V60
add channel=Channel_7 country=poland datapath=datapath_to_vlan_100 mode=ap \
    name=cfg_MM_Stolania security=security_Stolarnia ssid=WiFi_STOLARNIA
add channel=Channel_36_5GHz country=poland datapath=datapath_to_vlan_20 mode=\
    ap name=cfg_MM_Stolania_5GHz security=security_Stolarnia ssid=\
    WiFi_STOLARNIA_5GHz
add country=poland datapath=datapath_to_vlan_40 mode=ap name=\
    cfg_MM_biuro_01_5G security=security_biuro_01a ssid=biuro_01_5G
add channel=Channel_11 country=poland datapath=datapath_to_vlan_100 mode=ap \
    name=cfg_MM_Dekodery security=security_cap_Guest ssid=dekoder_NC
/interface list
add name=WAN
add name=Trunk
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Facebook regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|fbsbx.co\
    m|fbcdn.net|fb.com|tfbnw.net).*\$"
add name=WP regexp="^..+\\.(wp.pl).*\$"
/ip ipsec profile
add dh-group=modp1024 name=macbook
/ip ipsec peer
add disabled=yes name=macbook_peer passive=yes profile=macbook
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=\
    aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/ip pool
add comment=VLAN_200_POOL name=pool-dhcp-vlan200 ranges=\
    192.168.200.50-192.168.200.99
add comment=VLAN_10_POOL name=pool-dhcp-vlan10 ranges=\
    192.168.10.50-192.168.10.200
add comment=VLAN_20_POOL name=pool-dhcp-vlan20 ranges=\
    192.168.20.50-192.168.20.150
add comment=VLAN_30_POOL name=pool-dhcp-vlan30 ranges=\
    192.168.30.50-192.168.30.150
add comment=VLAN_40_POOL name=pool-dhcp-vlan40 ranges=\
    192.168.40.50-192.168.40.150
add comment=VLAN_60_POOL name=pool-dhcp-vlan60 ranges=\
    192.168.60.50-192.168.60.220
add name=LoadBalancingPool ranges=192.168.3.10-192.168.3.20
add comment=VPN-VLAN_100_POOL name=VPN-pool-dhcp-vlan100 ranges=\
    192.168.0.11-192.168.0.19
add comment=VLAN_8_POOL name=pool-dhcp-vlan8 ranges=\
    192.168.8.50-192.168.8.150
add comment=VPN-VLAN_200_POOL name=VPN-pool-dhcp-vlan200 ranges=\
    192.168.200.10-192.168.200.20
add name=pool1 ranges=10.1.1.2-10.1.1.250
add comment=VLAN_50_POOL name=pool-dhcp-vlan50 ranges=\
    192.168.50.50-192.168.50.150
add comment=VLAN_100_POOL_2 name=pool-dhcp-vlan100_3 ranges=\
    192.168.0.15-192.168.0.19
/ip dhcp-server
add address-pool=pool-dhcp-vlan200 authoritative=after-2sec-delay disabled=no \
    interface=VLAN_200_MGMT lease-time=2d10m name=dhcp-vlan200
add address-pool=pool-dhcp-vlan10 disabled=no interface=VLAN_10 lease-time=1d \
    name=dhcp-vlan10_
add address-pool=pool-dhcp-vlan20 disabled=no interface=VLAN_20 lease-time=\
    1d10m name=dhcp-vlan20
add address-pool=pool-dhcp-vlan30 disabled=no interface=VLAN_30 name=\
    dhcp-vlan30
add address-pool=pool-dhcp-vlan40 disabled=no interface=VLAN_40 name=\
    dhcp-vlan40
add address-pool=pool-dhcp-vlan60 disabled=no interface=VLAN_60 lease-time=\
    4w2d10m name=dhcp-vlan60
add address-pool=LoadBalancingPool disabled=no interface=bridge1 name=server1
add address-pool=pool-dhcp-vlan8 disabled=no interface=br-mgmt name=\
    dhcp-vlan8
add address-pool=pool-dhcp-vlan50 disabled=no interface=VLAN_50 lease-time=\
    1d10m name=dhcp-vlan50
/ip pool
add comment=VLAN_100_POOL_2 name=pool-dhcp-vlan100_2 next-pool=\
    pool-dhcp-vlan100_3 ranges=192.168.0.121-192.168.0.199
add comment=VLAN_100_POOL name=pool-dhcp-vlan100 next-pool=\
    pool-dhcp-vlan100_2 ranges=192.168.0.70-192.168.0.89
/ip dhcp-server
add address-pool=pool-dhcp-vlan100 disabled=no interface=VLAN_100 lease-time=\
    1d name=dhcp-vlan100
/ppp profile
add dns-server=192.168.0.200 idle-timeout=1d local-address=10.11.16.172 name=\
    VPN_Profile remote-address=VPN-pool-dhcp-vlan100 session-timeout=1d \
    wins-server=192.168.0.200
add dns-server=192.168.0.200 idle-timeout=1d local-address=192.168.200.1 \
    name=VPN-Profile-MgMt remote-address=VPN-pool-dhcp-vlan200 \
    session-timeout=1d wins-server=192.168.0.200
add change-tcp-mss=yes name=pptp use-encryption=yes
add change-tcp-mss=yes local-address=192.168.0.222 name=test remote-address=\
    VPN-pool-dhcp-vlan100 use-encryption=yes
add dns-server=192.168.0.200 local-address=192.168.200.1 name=profile_test \
    remote-address=VPN-pool-dhcp-vlan200 wins-server=192.168.0.200
add change-tcp-mss=yes dns-server=192.168.0.200 idle-timeout=1d \
    local-address=10.11.16.172 name=VPN_MAC remote-address=\
    VPN-pool-dhcp-vlan100 session-timeout=1d use-encryption=yes wins-server=\
    192.168.0.200
add change-tcp-mss=yes dns-server=192.168.0.200 idle-timeout=1d \
    local-address=10.11.16.172 name=VPN_Profile_10 remote-address=\
    pool-dhcp-vlan10 session-timeout=1d use-encryption=yes wins-server=\
    192.168.0.200
add dns-server=192.168.0.200 local-address=10.11.16.172 name=openvpn \
    remote-address=VPN-pool-dhcp-vlan200 use-encryption=required
/queue simple
add dst=WAN2 max-limit=90M/90M name="192.168.0.20 -- " target=192.168.0.20/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.21 -- " target=192.168.0.21/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.22 -- " target=192.168.0.22/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.23 -- " target=192.168.0.23/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.24 -- " target=192.168.0.24/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.25 -- " target=192.168.0.25/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.26 -- " target=192.168.0.26/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.27 -- " target=192.168.0.27/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.28 -- " target=192.168.0.28/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.29 -- " target=192.168.0.29/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.30 -- " target=192.168.0.30/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.31 -- " target=192.168.0.31/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.32 -- " target=192.168.0.32/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.33 -- " target=192.168.0.33/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.34 -- " target=192.168.0.34/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.35 -- " target=192.168.0.35/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.36 -- " target=192.168.0.36/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.37 -- " target=192.168.0.37/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.38 -- " target=192.168.0.38/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.39 -- " target=192.168.0.39/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.40 -- " target=192.168.0.40/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.41 -- " target=192.168.0.41/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.42 -- " target=192.168.0.42/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.43 -- " target=192.168.0.43/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.44 -- " target=192.168.0.44/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.45 -- " target=192.168.0.45/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.46 -- " target=192.168.0.46/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.47 -- " target=192.168.0.47/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.48 -- " target=192.168.0.48/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.49 -- " target=192.168.0.49/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.50 -- " target=192.168.0.50/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.51 -- " target=192.168.0.51/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.52 -- " target=192.168.0.52/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.53 -- " target=192.168.0.53/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.54 -- " target=192.168.0.54/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.55 -- " target=192.168.0.55/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.56 -- " target=192.168.0.56/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.57 -- " target=192.168.0.57/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.58 -- " target=192.168.0.58/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.59 -- " target=192.168.0.59/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.60 -- " target=192.168.0.60/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.61 -- " target=192.168.0.61/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.62 -- " target=192.168.0.62/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.63 -- " target=192.168.0.63/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.64 -- " target=192.168.0.64/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.65 -- " target=192.168.0.65/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.66 -- " target=192.168.0.66/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.67 -- " target=192.168.0.67/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.68 -- " target=192.168.0.68/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.69 -- " target=192.168.0.69/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.70 -- " target=192.168.0.70/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.71 -- " target=192.168.0.71/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.72 -- " target=192.168.0.72/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.73 -- " target=192.168.0.73/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.74 -- " target=192.168.0.74/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.75 -- " target=192.168.0.75/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.76 -- " target=192.168.0.76/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.77 -- " target=192.168.0.77/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.78 -- " target=192.168.0.78/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.79 -- " target=192.168.0.79/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.80 -- " target=192.168.0.80/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.81 -- " target=192.168.0.81/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.82 -- " target=192.168.0.82/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.83 -- " target=192.168.0.83/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.84 -- " target=192.168.0.84/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.85 -- " target=192.168.0.85/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.86 -- " target=192.168.0.86/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.87 -- " target=192.168.0.87/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.88 -- " target=192.168.0.88/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.89 -- " target=192.168.0.89/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.90 -- " target=192.168.0.90/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.91 -- " target=192.168.0.91/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.92 -- " target=192.168.0.92/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.93 -- " target=192.168.0.93/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.94 -- " target=192.168.0.94/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.95 -- " target=192.168.0.95/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.96 -- " target=192.168.0.96/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.97 -- " target=192.168.0.97/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.98 -- " target=192.168.0.98/32
add dst=WAN2 max-limit=90M/90M name="192.168.0.99 -- " target=192.168.0.99/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.2 -- " target=192.168.10.2/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.3 -- " target=192.168.10.3/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.4 -- " target=192.168.10.4/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.5 -- " target=192.168.10.5/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.6 -- " target=192.168.10.6/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.7 -- " target=192.168.10.7/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.8 -- " target=192.168.10.8/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.9 -- " target=192.168.10.9/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.10 -- " target=\
    192.168.10.10/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.11 -- " target=\
    192.168.10.11/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.12 -- " target=\
    192.168.10.12/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.13 -- " target=\
    192.168.10.13/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.14 -- " target=\
    192.168.10.14/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.15 -- " target=\
    192.168.10.15/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.16 -- " target=\
    192.168.10.16/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.17 -- " target=\
    192.168.10.17/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.18 -- " target=\
    192.168.10.18/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.19 -- " target=\
    192.168.10.19/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.20 -- " target=\
    192.168.10.20/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.21 -- " target=\
    192.168.10.21/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.22 -- " target=\
    192.168.10.22/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.23 -- " target=\
    192.168.10.23/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.24 -- " target=\
    192.168.10.24/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.25 -- " target=\
    192.168.10.25/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.26 -- " target=\
    192.168.10.26/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.27 -- " target=\
    192.168.10.27/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.28 -- " target=\
    192.168.10.28/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.29 -- " target=\
    192.168.10.29/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.30 -- " target=\
    192.168.10.30/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.31 -- " target=\
    192.168.10.31/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.32 -- " target=\
    192.168.10.32/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.33 -- " target=\
    192.168.10.33/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.34 -- " target=\
    192.168.10.34/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.35 -- " target=\
    192.168.10.35/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.36 -- " target=\
    192.168.10.36/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.37 -- " target=\
    192.168.10.37/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.38 -- " target=\
    192.168.10.38/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.39 -- " target=\
    192.168.10.39/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.40 -- " target=\
    192.168.10.40/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.41 -- " target=\
    192.168.10.41/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.42 -- " target=\
    192.168.10.42/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.43 -- " target=\
    192.168.10.43/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.44 -- " target=\
    192.168.10.44/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.45 -- " target=\
    192.168.10.45/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.46 -- " target=\
    192.168.10.46/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.47 -- " target=\
    192.168.10.47/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.48 -- " target=\
    192.168.10.48/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.49 -- " target=\
    192.168.10.49/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.50 -- " target=\
    192.168.10.50/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.51 -- " target=\
    192.168.10.51/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.52 -- " target=\
    192.168.10.52/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.53 -- " target=\
    192.168.10.53/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.54 -- " target=\
    192.168.10.54/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.55 -- " target=\
    192.168.10.55/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.56 -- " target=\
    192.168.10.56/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.57 -- " target=\
    192.168.10.57/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.58 -- " target=\
    192.168.10.58/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.59 -- " target=\
    192.168.10.59/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.60 -- " target=\
    192.168.10.60/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.61 -- " target=\
    192.168.10.61/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.62 -- " target=\
    192.168.10.62/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.63 -- " target=\
    192.168.10.63/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.64 -- " target=\
    192.168.10.64/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.65 -- " target=\
    192.168.10.65/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.66 -- " target=\
    192.168.10.66/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.67 -- " target=\
    192.168.10.67/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.68 -- " target=\
    192.168.10.68/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.69 -- " target=\
    192.168.10.69/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.70 -- " target=\
    192.168.10.70/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.71 -- " target=\
    192.168.10.71/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.72 -- " target=\
    192.168.10.72/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.73 -- " target=\
    192.168.10.73/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.74 -- " target=\
    192.168.10.74/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.75 -- " target=\
    192.168.10.75/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.76 -- " target=\
    192.168.10.76/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.77 -- " target=\
    192.168.10.77/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.78 -- " target=\
    192.168.10.78/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.79 -- " target=\
    192.168.10.79/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.80 -- " target=\
    192.168.10.80/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.81 -- " target=\
    192.168.10.81/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.82 -- " target=\
    192.168.10.82/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.83 -- " target=\
    192.168.10.83/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.84 -- " target=\
    192.168.10.84/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.85 -- " target=\
    192.168.10.85/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.86 -- " target=\
    192.168.10.86/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.87 -- " target=\
    192.168.10.87/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.88 -- " target=\
    192.168.10.88/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.89 -- " target=\
    192.168.10.89/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.90 -- " target=\
    192.168.10.90/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.91 -- " target=\
    192.168.10.91/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.92 -- " target=\
    192.168.10.92/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.93 -- " target=\
    192.168.10.93/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.94 -- " target=\
    192.168.10.94/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.95 -- " target=\
    192.168.10.95/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.96 -- " target=\
    192.168.10.96/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.97 -- " target=\
    192.168.10.97/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.98 -- " target=\
    192.168.10.98/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.99 -- " target=\
    192.168.10.99/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.100 -- " target=\
    192.168.10.100/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.101 -- " target=\
    192.168.10.101/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.102 -- " target=\
    192.168.10.102/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.103 -- " target=\
    192.168.10.103/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.104 -- " target=\
    192.168.10.104/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.105 -- " target=\
    192.168.10.105/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.106 -- " target=\
    192.168.10.106/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.107 -- " target=\
    192.168.10.107/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.108 -- " target=\
    192.168.10.108/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.109 -- " target=\
    192.168.10.109/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.110 -- " target=\
    192.168.10.110/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.111 -- " target=\
    192.168.10.111/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.112 -- " target=\
    192.168.10.112/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.113 -- " target=\
    192.168.10.113/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.114 -- " target=\
    192.168.10.114/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.115 -- " target=\
    192.168.10.115/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.116 -- " target=\
    192.168.10.116/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.117 -- " target=\
    192.168.10.117/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.118 -- " target=\
    192.168.10.118/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.119 -- " target=\
    192.168.10.119/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.120 -- " target=\
    192.168.10.120/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.121 -- " target=\
    192.168.10.121/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.122 -- " target=\
    192.168.10.122/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.123 -- " target=\
    192.168.10.123/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.124 -- " target=\
    192.168.10.124/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.125 -- " target=\
    192.168.10.125/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.126 -- " target=\
    192.168.10.126/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.127 -- " target=\
    192.168.10.127/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.128 -- " target=\
    192.168.10.128/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.129 -- " target=\
    192.168.10.129/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.130 -- " target=\
    192.168.10.130/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.131 -- " target=\
    192.168.10.131/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.132 -- " target=\
    192.168.10.132/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.133 -- " target=\
    192.168.10.133/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.134 -- " target=\
    192.168.10.134/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.135 -- " target=\
    192.168.10.135/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.136 -- " target=\
    192.168.10.136/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.137 -- " target=\
    192.168.10.137/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.138 -- " target=\
    192.168.10.138/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.139 -- " target=\
    192.168.10.139/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.140 -- " target=\
    192.168.10.140/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.141 -- " target=\
    192.168.10.141/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.142 -- " target=\
    192.168.10.142/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.143 -- " target=\
    192.168.10.143/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.144 -- " target=\
    192.168.10.144/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.145 -- " target=\
    192.168.10.145/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.146 -- " target=\
    192.168.10.146/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.147 -- " target=\
    192.168.10.147/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.148 -- " target=\
    192.168.10.148/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.149 -- " target=\
    192.168.10.149/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.150 -- " target=\
    192.168.10.150/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.151 -- " target=\
    192.168.10.151/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.152 -- " target=\
    192.168.10.152/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.153 -- " target=\
    192.168.10.153/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.154 -- " target=\
    192.168.10.154/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.155 -- " target=\
    192.168.10.155/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.156 -- " target=\
    192.168.10.156/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.157 -- " target=\
    192.168.10.157/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.158 -- " target=\
    192.168.10.158/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.159 -- " target=\
    192.168.10.159/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.160 -- " target=\
    192.168.10.160/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.161 -- " target=\
    192.168.10.161/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.162 -- " target=\
    192.168.10.162/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.163 -- " target=\
    192.168.10.163/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.164 -- " target=\
    192.168.10.164/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.165 -- " target=\
    192.168.10.165/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.166 -- " target=\
    192.168.10.166/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.167 -- " target=\
    192.168.10.167/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.168 -- " target=\
    192.168.10.168/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.169 -- " target=\
    192.168.10.169/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.170 -- " target=\
    192.168.10.170/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.171 -- " target=\
    192.168.10.171/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.172 -- " target=\
    192.168.10.172/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.173 -- " target=\
    192.168.10.173/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.174 -- " target=\
    192.168.10.174/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.175 -- " target=\
    192.168.10.175/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.176 -- " target=\
    192.168.10.176/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.177 -- " target=\
    192.168.10.177/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.178 -- " target=\
    192.168.10.178/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.179 -- " target=\
    192.168.10.179/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.180 -- " target=\
    192.168.10.180/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.181 -- " target=\
    192.168.10.181/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.182 -- " target=\
    192.168.10.182/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.183 -- " target=\
    192.168.10.183/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.184 -- " target=\
    192.168.10.184/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.185 -- " target=\
    192.168.10.185/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.186 -- " target=\
    192.168.10.186/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.187 -- " target=\
    192.168.10.187/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.188 -- " target=\
    192.168.10.188/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.189 -- " target=\
    192.168.10.189/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.190 -- " target=\
    192.168.10.190/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.191 -- " target=\
    192.168.10.191/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.192 -- " target=\
    192.168.10.192/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.193 -- " target=\
    192.168.10.193/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.194 -- " target=\
    192.168.10.194/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.195 -- " target=\
    192.168.10.195/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.196 -- " target=\
    192.168.10.196/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.197 -- " target=\
    192.168.10.197/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.198 -- " target=\
    192.168.10.198/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.199 -- " target=\
    192.168.10.199/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.200 -- " target=\
    192.168.10.200/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.201 -- " target=\
    192.168.10.201/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.202 -- " target=\
    192.168.10.202/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.203 -- " target=\
    192.168.10.203/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.204 -- " target=\
    192.168.10.204/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.205 -- " target=\
    192.168.10.205/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.206 -- " target=\
    192.168.10.206/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.207 -- " target=\
    192.168.10.207/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.208 -- " target=\
    192.168.10.208/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.209 -- " target=\
    192.168.10.209/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.210 -- " target=\
    192.168.10.210/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.211 -- " target=\
    192.168.10.211/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.212 -- " target=\
    192.168.10.212/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.213 -- " target=\
    192.168.10.213/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.214 -- " target=\
    192.168.10.214/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.215 -- " target=\
    192.168.10.215/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.216 -- " target=\
    192.168.10.216/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.217 -- " target=\
    192.168.10.217/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.218 -- " target=\
    192.168.10.218/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.219 -- " target=\
    192.168.10.219/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.220 -- " target=\
    192.168.10.220/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.221 -- " target=\
    192.168.10.221/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.222 -- " target=\
    192.168.10.222/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.223 -- " target=\
    192.168.10.223/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.224 -- " target=\
    192.168.10.224/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.225 -- " target=\
    192.168.10.225/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.226 -- " target=\
    192.168.10.226/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.227 -- " target=\
    192.168.10.227/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.228 -- " target=\
    192.168.10.228/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.229 -- " target=\
    192.168.10.229/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.230 -- " target=\
    192.168.10.230/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.231 -- " target=\
    192.168.10.231/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.232 -- " target=\
    192.168.10.232/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.233 -- " target=\
    192.168.10.233/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.234 -- " target=\
    192.168.10.234/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.235 -- " target=\
    192.168.10.235/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.236 -- " target=\
    192.168.10.236/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.237 -- " target=\
    192.168.10.237/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.238 -- " target=\
    192.168.10.238/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.239 -- " target=\
    192.168.10.239/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.240 -- " target=\
    192.168.10.240/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.241 -- " target=\
    192.168.10.241/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.242 -- " target=\
    192.168.10.242/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.243 -- " target=\
    192.168.10.243/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.244 -- " target=\
    192.168.10.244/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.245 -- " target=\
    192.168.10.245/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.246 -- " target=\
    192.168.10.246/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.247 -- " target=\
    192.168.10.247/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.248 -- " target=\
    192.168.10.248/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.249 -- " target=\
    192.168.10.249/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.250 -- " target=\
    192.168.10.250/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.251 -- " target=\
    192.168.10.251/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.252 -- " target=\
    192.168.10.252/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.253 -- " target=\
    192.168.10.253/32
add dst=WAN2 max-limit=90M/90M name="192.168.10.254 -- " target=\
    192.168.10.254/32
add dst=WAN1 max-limit=1G/1G name=WAN1
add dst=WAN2 max-limit=1G/1G name=WAN2
/system logging action
set 1 disk-file-count=130 disk-lines-per-file=2000
set 3 remote=192.168.0.212
add name=SysLogServer remote=192.168.0.99 target=remote
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man access-list
add allow-signal-out-of-range=10s comment="Czytnik01 - Tapicernia" disabled=\
    no mac-address=00:30:0D:39:91:B0 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik02 - Tapicernia Lozka" \
    disabled=no mac-address=00:30:0D:3A:AE:3C ssid-regexp=""
add allow-signal-out-of-range=10m10s comment=\
    "Czytnik03 - Materace - Sebastian" disabled=no mac-address=\
    00:30:0D:3A:E3:75 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik04 - od 20201021" disabled=\
    no mac-address=00:30:0D:3A:AD:D7 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik05 - od 20201021" disabled=\
    no mac-address=00:30:0D:3A:AD:06 ssid-regexp=""
add allow-signal-out-of-range=10s comment=\
    "Stolarnia - KOMP OD CENTRUM NA STOLARNI" disabled=yes mac-address=\
    00:E0:4B:C5:3C:A7 ssid-regexp=STOLARNIA
add allow-signal-out-of-range=10s comment="F - telefon" disabled=yes \
    mac-address=60:AB:67:AB:6B:E3 ssid-regexp=WiFi_STOLARNIA
add allow-signal-out-of-range=10s comment="F-Laptop Dell" disabled=no \
    mac-address=00:24:D7:78:4B:CC ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=A4:34:D9:51:BB:8E \
    ssid-regexp=""
add allow-signal-out-of-range=10s comment="nie znam" disabled=no mac-address=\
    C0:8C:71:22:01:4C ssid-regexp=""
add allow-signal-out-of-range=10s comment="shalaszewski - Laptop Lenovo" \
    disabled=no mac-address=9C:4E:36:BB:22:38 ssid-regexp=""
add allow-signal-out-of-range=10s comment="MD99 - WiFi" disabled=no \
    mac-address=F4:F2:6D:56:E3:89 ssid-regexp=""
add allow-signal-out-of-range=10s comment=Galaxy-S10e-F disabled=no \
    mac-address=9E:6B:FF:2D:D8:70 ssid-regexp=""
add allow-signal-out-of-range=10s comment=RedmiNote7-sklep disabled=no \
    mac-address=70:3A:51:95:AE:21 ssid-regexp=""
add allow-signal-out-of-range=10s comment=Galaxy-S10-F disabled=no \
    mac-address=7A:89:A4:FE:D8:F1 ssid-regexp=""
add allow-signal-out-of-range=10s comment=Cuter-HalaGoraSrodek disabled=no \
    mac-address=E4:02:9B:58:04:A8 ssid-regexp=""
add allow-signal-out-of-range=10s comment="ML12 - ssiekirka" disabled=no \
    mac-address=44:AF:28:0E:AE:ED ssid-regexp=""
add allow-signal-out-of-range=10s comment=Cuter-HalaGoraPrzyOknie disabled=no \
    mac-address=80:3F:5D:11:0E:13 ssid-regexp=""
add allow-signal-out-of-range=10s comment=Cuter-HalaGoraPrzyOknie-Lagowarka \
    disabled=no mac-address=86:2B:B5:DB:7C:C5 ssid-regexp=""
add allow-signal-out-of-range=10s comment=Cuter-HalaDol disabled=no \
    mac-address=C0:B8:83:74:43:3E ssid-regexp=""
add allow-signal-out-of-range=10s comment=Cuter-HalaDol-Lagowarka disabled=no \
    mac-address=70:F1:1C:28:74:22 ssid-regexp=""
add allow-signal-out-of-range=10s comment="USB ASUS" disabled=no mac-address=\
    50:3E:AA:67:99:E2 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Telefon - Szef Artur " disabled=no \
    mac-address=8C:B8:4A:2C:AE:60 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik06 - Tapicernia - 20210703" \
    disabled=no mac-address=00:30:0D:39:02:9A ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik07 - Tapicernia - 20210703" \
    disabled=no mac-address=00:30:0D:3A:AF:89 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik08 - Korlety - 20210715" \
    disabled=no mac-address=00:30:0D:3A:E2:B4 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik09 - Korlety2 - 20210715" \
    disabled=no mac-address=00:30:0D:39:04:D0 ssid-regexp=""
add allow-signal-out-of-range=10s comment=\
    "SH_ADM - s\B3u\BFbowy tel - Redmi 9" disabled=yes mac-address=\
    FC:19:99:FE:3A:8C ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik13 - 20210820" disabled=no \
    mac-address=00:30:0D:39:03:6C ssid-regexp=""
add allow-signal-out-of-range=10s comment=PGaluba disabled=no mac-address=\
    A4:45:19:59:61:9E ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik10 - 20210820" disabled=no \
    mac-address=00:30:0D:3A:DE:B0 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik12 - 20210820" disabled=no \
    mac-address=00:30:0D:3A:E0:00 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik11 - 20210820" disabled=no \
    mac-address=00:30:0D:3A:30:A9 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Redmi 9 - Olga Staniczek" \
    disabled=no mac-address=4A:0E:92:EF:98:F3 ssid-regexp=""
add allow-signal-out-of-range=10s comment="HalaGora - Lagowarka" disabled=no \
    mac-address=7C:DD:90:C2:A2:BA ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik14 - Szwalnia/Krojownia" \
    disabled=no mac-address=00:30:0D:3A:B0:AF ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik15 - Szwalnia/Krojownia" \
    disabled=no mac-address=00:30:0D:3A:C5:6B ssid-regexp=""
add allow-signal-out-of-range=10s comment=RevPI disabled=no mac-address=\
    C8:3E:A7:01:F2:AE ssid-regexp=""
add allow-signal-out-of-range=10s comment="Fotowoltaika Opat\F3w (1z2 - SN FAL\
    OWNIKA 66AT2530219C005 SN WiFi 669W3DRF216A137)" disabled=no mac-address=\
    BC:FF:4D:38:2F:2C ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik16 - Krojownia - 20211021" \
    disabled=no mac-address=00:30:0D:3A:46:99 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik17 - Sebastian - 20211021" \
    disabled=no mac-address=00:30:0D:3A:E1:52 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Czytnik18 - PPiatek - 20211021" \
    disabled=no mac-address=00:30:0D:39:1B:70 ssid-regexp=""
add allow-signal-out-of-range=10s comment="sh_adm POCO X3 Pro" disabled=no \
    mac-address=04:E5:98:E4:3F:E2 ssid-regexp=""
add allow-signal-out-of-range=10s comment=Tymczasowy_Lagowarka disabled=no \
    mac-address=D0:37:45:D3:05:A5 ssid-regexp=""
add allow-signal-out-of-range=10s comment=HalaDol-Lagowarka-ArcherT2UPlus \
    disabled=no mac-address=C0:06:C3:F6:C4:1F ssid-regexp=""
add allow-signal-out-of-range=10s comment="ML22 - sh_adm WiFi" disabled=no \
    mac-address=64:BC:58:BD:AD:CB ssid-regexp=""
add allow-signal-out-of-range=10s comment="TP-Link (FEMA PRZY OKNIE)" \
    disabled=no mac-address=10:27:F5:55:CE:FF ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=24:20:C7:22:3D:23 \
    ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=68:63:59:D5:FD:9A \
    ssid-regexp=""
add allow-signal-out-of-range=10s comment="SH_POCO X3" disabled=no \
    mac-address=04:E5:98:E4:3F:E2 ssid-regexp=""
add allow-signal-out-of-range=10s comment=\
    "Kierownicy - Marta Szyma\F1ska TEL" disabled=no mac-address=\
    9C:BC:F0:44:AA:A7 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Kierownicy - Pawel Piatek TEL" \
    disabled=no mac-address=FC:19:99:FE:3B:03 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Kierownicy - Piotr Kozicki TEL" \
    disabled=no mac-address=24:46:C8:8F:7A:C6 ssid-regexp=""
add allow-signal-out-of-range=10s comment="Fotowoltaika Opat\F3w (2z2 - SN FAL\
    OWNIKA 66AT2530219C005 SN WiFi 669W3DTF216A292)" disabled=no mac-address=\
    BC:FF:4D:38:08:55 ssid-regexp=""
add allow-signal-out-of-range=10s comment=HandheldSyc1 disabled=no \
    mac-address=00:30:0D:39:8B:1A ssid-regexp=""
add allow-signal-out-of-range=10s comment=HandheldSyc2 disabled=no \
    mac-address=00:30:0D:3A:9F:22 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man manager interface
add disabled=no interface=VLAN_30
/caps-man provisioning
add disabled=yes master-configuration=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_01 - 2.4GHz - Szafa nad Kamilem - uszk od 20201020" disabled=yes \
    master-configuration=cfg_MM_CZYTNIK name-format=identity radio-mac=\
    64:D1:54:F6:3A:6A slave-configurations=cfg_MM_Guest,cfg_MM_biuro_01a
add action=create-dynamic-enabled comment="AP_02 - 2.4GHz - Stacja Paliw" \
    disabled=yes master-configuration=cfg_MM_StacjaPaliw name-format=identity \
    radio-mac=B8:69:F4:00:40:71 slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_03 - 2.4GHz - Hala Gora Srodek - Lagowarki" master-configuration=\
    cfg_MM_Centrum name-format=identity radio-mac=CC:2D:E0:EA:09:63 \
    slave-configurations=cfg_MM_CZYTNIK,cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_05 - 2.4GHz - Hala Produkcyjna - Tapicernia - wisi obok schodow" \
    master-configuration=cfg_MM_Centrum name-format=identity radio-mac=\
    B8:69:F4:80:41:47 slave-configurations=cfg_MM_Guest,cfg_MM_CZYTNIK
add action=create-dynamic-enabled comment=\
    "AP_06 - 2.4GHz - Hala Dol - Pakowanie - wisi na srodku" \
    master-configuration=cfg_MM_Centrum name-format=identity radio-mac=\
    C4:AD:34:46:46:AA slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_07 - 2.4GHz - Hala Dol - Pakowanie - wisi na koncu" \
    master-configuration=cfg_MM_CZYTNIK name-format=identity radio-mac=\
    C4:AD:34:F5:70:C7 slave-configurations=cfg_MM_Centrum
add action=create-dynamic-enabled comment=\
    "AP_08 - 2.4GHz - HalaObokHalaDolNaPodworzel - Materace - wisi na srodku" \
    master-configuration=cfg_MM_Centrum name-format=identity radio-mac=\
    C4:AD:34:F5:6F:5D slave-configurations=cfg_MM_Guest,cfg_MM_CZYTNIK
add action=create-dynamic-enabled comment=\
    "AP_03 - 5.0GHz - Hala Gora Srodek - Lagowarki" master-configuration=\
    cfg_MM_Guest_5GHz name-format=identity radio-mac=CC:2D:E0:EA:09:64
add action=create-dynamic-enabled comment=\
    "AP_05 - 5.0GHz - Hala Produkcyjna - Tapicernia - wisi obok schodow" \
    master-configuration=cfg_MM_biuro_01_5G name-format=identity radio-mac=\
    B8:69:F4:80:41:48 slave-configurations=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_06 - 5.0GHz - Hala Dol - Pakowanie - wisi na srodku" \
    master-configuration=cfg_MM_Guest_5GHz name-format=identity radio-mac=\
    C4:AD:34:46:46:AB
add action=create-dynamic-enabled comment=\
    "AP_07 - 5.0GHz - Hala Dol - Pakowanie - wisi na koncu" \
    master-configuration=cfg_MM_Guest_5GHz name-format=identity radio-mac=\
    C4:AD:34:F5:70:C8
add action=create-dynamic-enabled comment=\
    "AP_08 - 5.0GHz - HalaObokHalaDolNaPodworzel - Materace - wisi na srodku" \
    master-configuration=cfg_MM_Guest_5GHz name-format=identity radio-mac=\
    C4:AD:34:F5:6F:5E
add action=create-dynamic-enabled comment=Sekretariat disabled=yes \
    master-configuration=cfg_MM_Guest name-format=identity radio-mac=\
    B8:69:F4:2F:48:4D slave-configurations=cfg_MM_biuro_01a
add action=create-dynamic-enabled comment="AP_11 - 2.4GHz - Kraj - Magda" \
    master-configuration=cfg_MM_biuro_01a name-format=identity radio-mac=\
    08:55:31:4D:9A:10 slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_09 - 2.4GHz - Szafa nad Kamilem" master-configuration=\
    cfg_MM_biuro_01a name-format=identity radio-mac=C4:AD:34:F6:DE:AE \
    slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment="AP_11 - 5.0GHz - Kraj - Magda" \
    master-configuration=cfg_MM_biuro_01_5G name-format=identity radio-mac=\
    08:55:31:4D:9A:11 slave-configurations=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_10 - 5.0GHz - Stolarnia stara - wisi na srodku" disabled=yes \
    master-configuration=cfg_MM_Guest_5GHz name-format=identity
add action=create-dynamic-enabled comment=\
    "AP_10 - 2.4GHz - Stolarnia stara - wisi na srodku" disabled=yes \
    master-configuration=cfg_MM_biuro_01a name-format=identity \
    slave-configurations=cfg_MM_Guest,cfg_MM_CZYTNIK
add action=create-dynamic-enabled comment=\
    "AP_09 - 5.0GHz - Szafa nad Kamilem" master-configuration=\
    cfg_MM_biuro_01_5G name-format=identity radio-mac=C4:AD:34:F6:DE:AF \
    slave-configurations=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_10 - 2,4GHz - Stolarnia Duza - RB951" master-configuration=\
    cfg_MM_Stolania name-format=identity radio-mac=48:8F:5A:7C:85:9D \
    slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_18 - 2.4GHz - DOM (Marketing/Graficy)" master-configuration=\
    cfg_MM_biuro_01a name-format=identity radio-mac=DC:2C:6E:B8:56:1C \
    slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_18 - 5.0GHz - DOM (Marketing/Graficy)" master-configuration=\
    cfg_MM_biuro_01_5G name-format=identity radio-mac=DC:2C:6E:B8:56:1D \
    slave-configurations=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_13 - 2.4GHz - BiuroGora - Szefowie" master-configuration=\
    cfg_MM_biuro_01a name-format=identity radio-mac=08:55:31:B0:D1:72 \
    slave-configurations=cfg_MM_Guest,cfg_MM_Dekodery
add action=create-dynamic-enabled comment=\
    "AP_13 - 5.0GHz - BiuroGora - Szefowie" master-configuration=\
    cfg_MM_biuro_01_5G name-format=identity radio-mac=08:55:31:B0:D1:73 \
    slave-configurations=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_12 - 2.4GHz - Hala Produkcyjna - Tapicernia - wisi blizej namiotu" \
    master-configuration=cfg_MM_CZYTNIK name-format=identity radio-mac=\
    08:55:31:4D:A2:0A slave-configurations=cfg_MM_Centrum,cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_12 - 5.0GHz - Hala Produkcyjna - Tapicernia - wisi blizej namiotu" \
    master-configuration=cfg_MM_Guest_5GHz name-format=identity radio-mac=\
    08:55:31:4D:A2:0B
add action=create-dynamic-enabled comment=\
    "AP_15 - 2.4GHz - Wystawka (ODPIETY TEMP)" disabled=yes \
    master-configuration=cfg_MM_biuro_01a name-format=identity radio-mac=\
    2C:C8:1B:15:A0:F6 slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_15 - 5.0GHz - Wystawka (ODPIETY TEMP)" disabled=yes \
    master-configuration=cfg_MM_biuro_01_5G name-format=identity radio-mac=\
    2C:C8:1B:15:A0:F7 slave-configurations=cfg_MM_Guest_5GHz
add action=create-dynamic-enabled comment=\
    "AP_16 - 2.4GHz - Pakowanie - blizej ramp" master-configuration=\
    cfg_MM_CZYTNIK name-format=identity radio-mac=2C:C8:1B:3A:EB:E6 \
    slave-configurations=cfg_MM_Centrum,cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_16 - 5.0GHz - Pakowanie - blizej ramp" master-configuration=\
    cfg_MM_Guest_5GHz name-format=identity radio-mac=2C:C8:1B:3A:EB:E7
add action=create-dynamic-enabled comment=\
    "AP_17 - 2.4GHz - Pakowanie - blizej tapicerni" master-configuration=\
    cfg_MM_CZYTNIK name-format=identity radio-mac=2C:C8:1B:3A:EB:90 \
    slave-configurations=cfg_MM_Centrum,cfg_MM_Guest
add action=create-dynamic-enabled comment=\
    "AP_17 - 5.0GHz - Pakowanie - blizej tapicerni" master-configuration=\
    cfg_MM_Guest_5GHz name-format=identity radio-mac=2C:C8:1B:3A:EB:91
add action=create-dynamic-enabled comment="AP_04 - 2.4GHz - Recepcja" \
    master-configuration=cfg_MM_biuro_01a name-format=identity radio-mac=\
    B8:69:F4:80:3F:2F slave-configurations=cfg_MM_Guest
add action=create-dynamic-enabled comment="AP_04 - 5.0GHz - Recepcja" \
    master-configuration=cfg_MM_biuro_01_5G name-format=identity radio-mac=\
    B8:69:F4:80:3F:30 slave-configurations=cfg_MM_Guest_5GHz
/interface bridge port
add bridge=br-mgmt interface=ether7
add bridge=br-Trunk interface=ether3
add bridge=br-Trunk interface=ether4
add bridge=br-Trunk interface=ether5
add bridge=br-Trunk interface=ether6
add bridge=br-Trunk interface=sfp-sfpplus1
add bridge=br-Trunk interface=combo1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set default-profile=VPN_MAC enabled=yes use-ipsec=required
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=br-Trunk list=Trunk
/interface ovpn-server server
set auth=sha1 certificate=marzenie.local-certificate cipher=aes256 \
    default-profile=openvpn require-client-certificate=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=test enabled=yes
/ip address
add address=192.168.0.1/24 comment=VLAN_100_Core_MM_Adresses interface=\
    VLAN_100 network=192.168.0.0
add address=192.168.200.1/24 comment=VLAN_200_MGMT_Adresses interface=\
    VLAN_200_MGMT network=192.168.200.0
add address=192.168.10.1/24 comment=VLAN_10_Desktops_Adresses interface=\
    VLAN_10 network=192.168.10.0
add address=192.168.20.1/24 comment=VLAN_20_Laptops_Adresses interface=\
    VLAN_20 network=192.168.20.0
add address=192.168.30.1/24 comment=VLAN_30_Printers_Adresses interface=\
    VLAN_30 network=192.168.30.0
add address=192.168.40.1/24 comment=VLAN_40_WiFi_MM_Adresses interface=\
    VLAN_40 network=192.168.40.0
add address=192.168.60.1/24 comment=VLAN_60_WiFi_Guest_Adresses interface=\
    VLAN_60 network=192.168.60.0
add address=192.168.3.1/24 interface=bridge1 network=192.168.3.0
add address=172.22.22.1/24 disabled=yes network=172.22.22.0
add address=192.168.8.1/24 comment=no_VLAN interface=br-mgmt network=\
    192.168.8.0
add address=192.168.50.1/24 comment=VLAN_50_Kamery_Adresses interface=VLAN_50 \
    network=192.168.50.0
add address=10.11.16.173/24 disabled=yes interface=WAN1 network=10.11.16.0
add address=77.65.116.226/22 interface=WAN2 network=77.65.116.0
add address=172.22.22.1/24 disabled=yes network=172.22.22.0
add address=192.169.0.1/24 comment=VLAN_100_Core_MM_Adresses interface=\
    VLAN_100 network=192.169.0.0
add address=173.33.33.1/24 interface=eoip-tunnel1 network=173.33.33.0
/ip dhcp-client
add disabled=no interface=WAN1
add disabled=no interface=WAN2
/ip dhcp-server lease
add address=192.168.0.7 client-id=1:6c:3b:6b:95:42:16 mac-address=\
    6C:3B:6B:95:42:16 server=dhcp-vlan100
add address=192.168.10.217 client-id=1:80:5e:c0:d4:5b:c6 comment=\
    "Yalink - konferencyjny" mac-address=80:5E:C0:D4:5B:C6 server=\
    dhcp-vlan10_
add address=192.168.0.42 always-broadcast=yes client-id=1:28:c2:dd:d8:74:b0 \
    comment="Stolarnia - FORMAT4 - Wiertarka - stolarnia duza" mac-address=\
    28:C2:DD:D8:74:B0 server=dhcp-vlan100
add address=192.168.0.23 always-broadcast=yes client-id=1:4c:cc:6a:d9:3d:d8 \
    comment="PC - Stryjakiewicz Radek - LAN" mac-address=4C:CC:6A:D9:3D:D8 \
    server=dhcp-vlan100
add address=192.168.0.53 always-broadcast=yes client-id=1:7c:dd:90:c2:a2:ba \
    comment="HalaGora - LAGOWARKA - Krojownia" mac-address=7C:DD:90:C2:A2:BA \
    server=dhcp-vlan100
add address=192.168.0.68 always-broadcast=yes client-id=1:34:97:f6:92:46:d5 \
    comment="BIURO2DOL-02 - LAN" mac-address=34:97:F6:92:46:D5 server=\
    dhcp-vlan100
add address=192.168.0.70 always-broadcast=yes client-id=1:4c:cc:6a:df:9:1e \
    comment="Laptop MSI 20170916 - Kierownik Stolarni - Pawel - LAN" \
    mac-address=4C:CC:6A:DF:09:1E server=dhcp-vlan100
add address=192.168.0.55 always-broadcast=yes client-id=1:70:4d:7b:65:c8:52 \
    comment=BIURO-201708-2 mac-address=70:4D:7B:65:C8:52 server=dhcp-vlan100
add address=192.168.0.139 always-broadcast=yes client-id=1:2c:56:dc:38:ee:ca \
    comment="PC Projekty1 na procesorze i7 " mac-address=2C:56:DC:38:EE:CA \
    server=dhcp-vlan100
add address=192.168.0.109 always-broadcast=yes client-id=1:0:c:26:e:90:1c \
    comment="sebastian-naw. powietrza" mac-address=00:0C:26:0E:90:1C server=\
    dhcp-vlan100
add address=192.168.200.99 client-id=1:30:9c:23:47:a7:90 comment=\
    "MD99 - Ethernet - Mainboard" mac-address=30:9C:23:47:A7:90 server=\
    dhcp-vlan200
add address=192.168.0.64 always-broadcast=yes client-id=1:e0:d5:5e:97:65:e1 \
    comment="MD35 - PC1 - kamery kotlownia" mac-address=E0:D5:5E:97:65:E1 \
    server=dhcp-vlan100
add address=192.168.0.67 always-broadcast=yes client-id=1:30:9c:23:49:3b:6c \
    comment=MD24 mac-address=30:9C:23:49:3B:6C server=dhcp-vlan100
add address=192.168.0.65 always-broadcast=yes client-id=1:30:9c:23:49:3b:76 \
    comment=MD16 mac-address=30:9C:23:49:3B:76 server=dhcp-vlan100
add address=192.168.0.99 always-broadcast=yes client-id=1:0:10:18:2f:89:1f \
    comment="MD99 - Ethernet - Broadcom" disabled=yes mac-address=\
    00:10:18:2F:89:1F server=dhcp-vlan100
add address=192.168.0.124 always-broadcast=yes client-id=1:d0:f8:8c:89:4:ff \
    mac-address=D0:F8:8C:89:04:FF server=dhcp-vlan100
add address=192.168.0.69 always-broadcast=yes client-id=1:30:9c:23:e0:96:87 \
    comment="MD40 - Szwalnia Materace (parter ko\B3o lagowarki u Radka)" \
    mac-address=30:9C:23:E0:96:87 server=dhcp-vlan100
add address=192.168.0.225 client-id=1:e4:f1:4c:7:4b:17 comment=\
    "Kamera Wjazd1wzdluzNamiotu - poprawic na rejestratorze IP-bylo 0.230" \
    mac-address=E4:F1:4C:07:4B:17 server=dhcp-vlan100
add address=192.168.0.228 client-id=1:38:af:29:bc:45:22 comment=\
    "Kamera Wjazd1Brama" mac-address=38:AF:29:BC:45:22 server=dhcp-vlan100
add address=192.168.0.246 client-id=1:0:2:e7:2:f1:73 comment=\
    "CAB - drukarka Etykiet u Sebastiana Gawinskiego" mac-address=\
    00:02:E7:02:F1:73 server=dhcp-vlan100
add address=192.168.0.41 client-id=1:70:85:c2:88:6d:4d comment=MD41 \
    mac-address=70:85:C2:88:6D:4D server=dhcp-vlan100
add address=192.168.0.29 client-id=1:74:27:ea:32:3c:35 comment=MP03 \
    mac-address=74:27:EA:32:3C:35 server=dhcp-vlan100
add address=192.168.0.37 client-id=1:74:27:ea:32:42:4b comment=MP04 \
    mac-address=74:27:EA:32:42:4B server=dhcp-vlan100
add address=192.168.0.95 client-id=1:0:30:d:3a:e3:75 comment=\
    "Czytnik3 - Materace - Sebastian" mac-address=00:30:0D:3A:E3:75 server=\
    dhcp-vlan100
add address=192.168.0.165 client-id=1:3c:2a:f4:55:9f:2e comment=\
    "Drukarka BROTHER MFC-L2712DW - KADRY - nowa od 20190314" mac-address=\
    3C:2A:F4:55:9F:2E server=dhcp-vlan100
add address=192.168.0.27 client-id=1:30:9c:23:b8:72:23 comment=MD42 \
    mac-address=30:9C:23:B8:72:23 server=dhcp-vlan100
add address=192.168.0.26 client-id=1:a4:4c:c8:f2:2:a2 mac-address=\
    A4:4C:C8:F2:02:A2 server=dhcp-vlan100
add address=192.168.0.33 client-id=1:30:9c:23:b8:75:98 mac-address=\
    30:9C:23:B8:75:98 server=dhcp-vlan100
add address=192.168.10.4 client-id=1:70:8b:cd:ab:4a:4f comment=BIURO-201705-2 \
    mac-address=70:8B:CD:AB:4A:4F server=dhcp-vlan10_
add address=192.168.10.14 client-id=1:2c:56:dc:49:2b:17 mac-address=\
    2C:56:DC:49:2B:17 server=dhcp-vlan10_
add address=192.168.10.9 client-id=1:10:7b:44:53:80:aa comment=BIURO-201709-1 \
    mac-address=10:7B:44:53:80:AA server=dhcp-vlan10_
add address=192.168.10.44 client-id=1:e0:d5:5e:bf:a8:c3 mac-address=\
    E0:D5:5E:BF:A8:C3 server=dhcp-vlan10_
add address=192.168.10.17 client-id=1:70:8b:cd:ab:49:f8 mac-address=\
    70:8B:CD:AB:49:F8 server=dhcp-vlan10_
add address=192.168.10.3 client-id=1:70:8b:cd:ab:30:14 mac-address=\
    70:8B:CD:AB:30:14 server=dhcp-vlan10_
add address=192.168.10.18 client-id=1:f0:79:59:69:d8:93 mac-address=\
    F0:79:59:69:D8:93 server=dhcp-vlan10_
add address=192.168.20.4 client-id=1:9c:5c:8e:b4:35:9c comment=MP04 \
    mac-address=9C:5C:8E:B4:35:9C server=dhcp-vlan20
add address=192.168.41.52 always-broadcast=yes client-id=1:70:3a:51:95:ae:21 \
    comment=RedmiNote7-sklep mac-address=70:3A:51:95:AE:21 server=dhcp-vlan40
add address=192.168.200.203 client-id=1:cc:2d:e0:ea:9:63 comment=\
    "AP_03 - Lagowarki - Hala Gora Srodek 2,4GHz" mac-address=\
    CC:2D:E0:EA:09:63 server=dhcp-vlan200
add address=192.168.200.205 client-id=1:b8:69:f4:80:41:47 comment=\
    "AP_05 - Hala Produkcyjna - Tapicernia - wisi obok schodow" mac-address=\
    B8:69:F4:80:41:47 server=dhcp-vlan200
add address=192.168.30.149 client-id=1:24:5e:be:2b:23:be comment=s-nas \
    mac-address=24:5E:BE:2B:23:BE server=dhcp-vlan30
add address=192.168.10.42 client-id=1:30:9c:23:b8:72:23 comment=MD42 \
    mac-address=30:9C:23:B8:72:23 server=dhcp-vlan10_
add address=192.168.0.35 client-id=1:0:d8:61:30:3c:8d mac-address=\
    00:D8:61:30:3C:8D server=dhcp-vlan100
add address=192.168.10.22 client-id=1:4c:cc:6a:d9:3d:d8 comment=\
    "MD22 - PC - Stryjakiewicz Radek - LAN" mac-address=4C:CC:6A:D9:3D:D8 \
    server=dhcp-vlan10_
add address=192.168.10.30 client-id=1:0:d8:61:9e:26:94 comment=MD30 \
    mac-address=00:D8:61:9E:26:94 server=dhcp-vlan10_
add address=192.168.0.47 client-id=1:0:d8:61:9e:26:94 comment=MD30 \
    mac-address=00:D8:61:9E:26:94 server=dhcp-vlan100
add address=192.168.0.58 client-id=1:70:4d:7b:65:b3:d6 comment=\
    "MD06 - BIURO-201706-2 - LAN" mac-address=70:4D:7B:65:B3:D6 server=\
    dhcp-vlan100
add address=192.168.0.60 client-id=1:10:7b:44:53:80:aa comment=MD09 \
    mac-address=10:7B:44:53:80:AA server=dhcp-vlan100
add address=192.168.0.52 client-id=1:70:85:c2:f7:3e:f7 comment=MD31 \
    mac-address=70:85:C2:F7:3E:F7 server=dhcp-vlan100
add address=192.168.200.206 client-id=1:c4:ad:34:46:46:aa comment=\
    "AP_06 - Hala Dol - wisi w polowie hali" mac-address=C4:AD:34:46:46:AA \
    server=dhcp-vlan200
add address=192.168.0.87 client-id=1:70:4d:7b:66:c0:a1 mac-address=\
    70:4D:7B:66:C0:A1 server=dhcp-vlan100
add address=192.168.200.207 client-id=1:c4:ad:34:f5:70:c7 comment=\
    "AP_07 - Hala Dol - wisi na koncu hali" mac-address=C4:AD:34:F5:70:C7 \
    server=dhcp-vlan200
add address=192.168.200.208 comment=\
    "AP_08 - HalaObokHalaDolNaPodworzel - Materace - wisi na srodku" \
    mac-address=C4:AD:34:F5:6F:5D server=dhcp-vlan200
add address=192.168.40.54 always-broadcast=yes mac-address=DC:09:4C:14:87:27 \
    server=dhcp-vlan40
add address=192.168.222.157 client-id=1:b8:c3:85:a2:e5:29 mac-address=\
    B8:C3:85:A2:E5:29 server=dhcp-vlan100
add address=192.168.0.73 client-id=1:2c:f0:5d:22:39:ac mac-address=\
    2C:F0:5D:22:39:AC server=dhcp-vlan100
add address=192.168.0.79 client-id=1:2c:f0:5d:22:39:a3 mac-address=\
    2C:F0:5D:22:39:A3 server=dhcp-vlan100
add address=192.168.20.146 client-id=1:c0:b8:83:74:43:3e comment=\
    "HalaDol - Unicut One5prime - materace" mac-address=C0:B8:83:74:43:3E \
    server=dhcp-vlan20
add address=192.168.20.77 always-broadcast=yes client-id=1:70:f1:1c:28:74:22 \
    comment="HalaDol - Unicut One5prime - Lagowarka Beckhoff - jezdzi na wozku\
    \_- materace" mac-address=70:F1:1C:28:74:22 server=dhcp-vlan20
add address=192.168.20.74 client-id=1:80:3f:5d:11:e:13 comment=\
    "HalaGora - CUTER przy oknie" mac-address=80:3F:5D:11:0E:13 server=\
    dhcp-vlan20
add address=192.168.0.92 comment="Stolarnia - KDT" mac-address=\
    D0:37:45:8B:8F:CB server=dhcp-vlan100
add address=192.168.200.209 client-id=1:c4:ad:34:f6:de:ae comment=\
    "AP_09 - Stolarnia stara - wisi na srodku" mac-address=C4:AD:34:F6:DE:AE \
    server=dhcp-vlan200
add address=192.168.20.69 client-id=1:e4:2:9b:58:4:a8 comment=\
    "HalaGora - Unicut One5prime - dalej od okna" mac-address=\
    E4:02:9B:58:04:A8 server=dhcp-vlan20
add address=192.168.10.113 client-id=1:0:2b:67:ec:74:39 comment=ML13 \
    mac-address=00:2B:67:EC:74:39 server=dhcp-vlan10_
add address=192.168.0.21 client-id=1:d0:37:45:c1:10:32 comment="BEDLINE142 - M\
    aterace - Maszyna TUREK - nie zmieniac IP bo cos im nie dziala" \
    mac-address=D0:37:45:C1:10:32 server=dhcp-vlan100
add address=192.168.10.34 client-id=1:2c:f0:5d:22:39:a3 mac-address=\
    2C:F0:5D:22:39:A3 server=dhcp-vlan10_
add address=192.168.10.110 client-id=1:0:23:5a:81:a1:b1 mac-address=\
    00:23:5A:81:A1:B1 server=dhcp-vlan10_
add address=192.168.10.111 client-id=1:2c:ea:7f:4:3e:e1 mac-address=\
    2C:EA:7F:04:3E:E1 server=dhcp-vlan10_
add address=192.168.10.25 client-id=1:90:1b:e:6:9c:1d mac-address=\
    90:1B:0E:06:9C:1D server=dhcp-vlan10_
add address=192.168.10.16 client-id=1:30:9c:23:49:3b:76 mac-address=\
    30:9C:23:49:3B:76 server=dhcp-vlan10_
add address=192.168.10.24 client-id=1:30:9c:23:49:3b:6c mac-address=\
    30:9C:23:49:3B:6C server=dhcp-vlan10_
add address=192.168.200.211 client-id=1:8:55:31:4d:9a:10 comment=\
    "AP_11 - Gniazdko przy biurku Magdy Paluszek" mac-address=\
    08:55:31:4D:9A:10 server=dhcp-vlan200
add address=192.168.0.77 client-id=1:a8:a1:59:5e:14:99 mac-address=\
    A8:A1:59:5E:14:99 server=dhcp-vlan100
add address=192.168.0.83 client-id=1:74:27:ea:39:72:a8 mac-address=\
    74:27:EA:39:72:A8 server=dhcp-vlan100
add address=192.168.0.180 comment="PROKSIMA - Marcin - Lenovo Legion 5" \
    mac-address=90:2E:16:F4:00:68 server=dhcp-vlan100
add address=192.168.10.51 client-id=1:a8:a1:59:5e:14:a0 mac-address=\
    A8:A1:59:5E:14:A0 server=dhcp-vlan10_
add address=192.168.10.115 client-id=1:d4:5d:64:68:11:bc mac-address=\
    D4:5D:64:68:11:BC server=dhcp-vlan10_
add address=192.168.10.45 client-id=1:0:d8:61:d4:ef:88 mac-address=\
    00:D8:61:D4:EF:88 server=dhcp-vlan10_
add address=192.168.10.12 client-id=1:ac:9e:17:81:92:93 mac-address=\
    AC:9E:17:81:92:93 server=dhcp-vlan10_
add address=192.168.10.46 client-id=1:0:d8:61:d4:f2:4 mac-address=\
    00:D8:61:D4:F2:04 server=dhcp-vlan10_
add address=192.168.10.5 client-id=1:70:4d:7b:65:c7:5a mac-address=\
    70:4D:7B:65:C7:5A server=dhcp-vlan10_
add address=192.168.10.47 client-id=1:2c:f0:5d:84:f1:27 mac-address=\
    2C:F0:5D:84:F1:27 server=dhcp-vlan10_
add address=192.168.10.112 client-id=1:a4:4c:c8:f2:2:a2 mac-address=\
    A4:4C:C8:F2:02:A2 server=dhcp-vlan10_
add address=192.168.10.114 client-id=1:d4:5d:64:68:11:8f mac-address=\
    D4:5D:64:68:11:8F server=dhcp-vlan10_
add address=192.168.10.27 client-id=1:0:d8:61:30:3c:8d mac-address=\
    00:D8:61:30:3C:8D server=dhcp-vlan10_
add address=192.168.10.23 client-id=1:2c:56:dc:38:ee:ca mac-address=\
    2C:56:DC:38:EE:CA server=dhcp-vlan10_
add address=192.168.10.116 client-id=1:54:5:db:8b:46:4f disabled=yes \
    mac-address=54:05:DB:8B:46:4F server=dhcp-vlan10_
add address=192.168.0.98 always-broadcast=yes comment=ML22 mac-address=\
    38:F3:AB:15:B3:0D server=dhcp-vlan100
add address=192.168.41.51 client-id=1:d0:f8:8c:89:4:ff mac-address=\
    D0:F8:8C:89:04:FF server=dhcp-vlan40
add address=192.168.0.177 comment=MD50 mac-address=2C:F0:5D:87:3F:73 server=\
    dhcp-vlan100
add address=192.168.0.171 comment="TimeExpert - Skaner - Stolarnia" \
    mac-address=00:00:00:00:00:10 use-src-mac=yes
add address=192.168.0.172 comment="TimeExpert - Skaner - Biuro" mac-address=\
    00:00:00:00:00:20
add address=192.168.0.173 comment=\
    "TimeExpert - Skaner - Przy_Za\B3adunku/Wej\9Ccie Pracownicze" \
    mac-address=00:00:00:00:00:30
add address=192.168.0.174 comment="TimeExpert - Skaner - Tapicernia" \
    mac-address=00:00:00:00:00:40
add address=192.168.0.176 comment="TimeExpert - Skaner - Materace" \
    mac-address=00:00:00:00:00:60
add address=192.168.0.230 comment="TimeExpert - Skaner - Kierowcy" \
    mac-address=00:00:00:00:00:23 server=dhcp-vlan100
add address=192.168.0.30 comment=ML13 mac-address=00:2B:67:EC:74:39 server=\
    dhcp-vlan100
add address=192.168.0.182 comment=MD29 mac-address=00:D8:61:9E:29:D8 server=\
    dhcp-vlan100
add address=192.168.0.183 comment=MD10 mac-address=34:97:F6:92:3B:DC server=\
    dhcp-vlan100
add address=192.168.0.184 comment=MD54 mac-address=2C:F0:5D:EA:40:16 server=\
    dhcp-vlan100
add address=192.168.0.185 comment=MD20 mac-address=9C:5C:8E:89:81:E6 server=\
    dhcp-vlan100
add address=192.168.0.186 comment=MD53 mac-address=2C:F0:5D:E0:9C:7E server=\
    dhcp-vlan100
add address=192.168.0.187 comment=MD55 mac-address=F0:2F:74:8A:79:13 server=\
    dhcp-vlan100
add address=192.168.0.188 comment="Stolarnia - SelcoWNT6 - pi\B3a panelowa" \
    mac-address=D0:37:45:D3:05:A5 server=dhcp-vlan100
add address=192.168.10.118 client-id=1:28:ee:52:11:5f:31 mac-address=\
    28:EE:52:11:5F:31 server=dhcp-vlan10_
add address=192.168.10.106 client-id=1:58:82:a8:91:3e:91 comment=ML06 \
    mac-address=58:82:A8:91:3E:91 server=dhcp-vlan10_
add address=192.168.200.213 client-id=1:8:55:31:b0:d1:71 comment=\
    "AP_13 - BiuroGora - Szefowie" mac-address=08:55:31:B0:D1:71 server=\
    dhcp-vlan200
add address=192.168.10.32 client-id=1:18:3:73:e2:2b:e0 comment=\
    "Radio Internetowe" mac-address=18:03:73:E2:2B:E0 server=dhcp-vlan10_
add address=192.168.20.211 client-id=1:24:5e:be:1c:6b:da mac-address=\
    24:5E:BE:1C:6B:DA server=dhcp-vlan20
add address=192.168.30.211 client-id=1:24:5e:be:1c:6b:db mac-address=\
    24:5E:BE:1C:6B:DB server=dhcp-vlan30
add address=192.168.40.99 client-id=1:f4:f2:6d:56:e3:89 mac-address=\
    F4:F2:6D:56:E3:89 server=dhcp-vlan40
add address=192.168.10.99 client-id=1:f4:f2:6d:56:e3:89 mac-address=\
    F4:F2:6D:56:E3:89 server=dhcp-vlan10_
add address=192.168.20.99 client-id=1:f4:f2:6d:56:e3:89 mac-address=\
    F4:F2:6D:56:E3:89 server=dhcp-vlan20
add address=192.168.30.99 client-id=1:f4:f2:6d:56:e3:89 mac-address=\
    F4:F2:6D:56:E3:89 server=dhcp-vlan30
add address=192.168.50.99 client-id=1:f4:f2:6d:56:e3:89 mac-address=\
    F4:F2:6D:56:E3:89 server=dhcp-vlan50
add address=192.168.60.99 client-id=1:f4:f2:6d:56:e3:89 comment="MD99 - WiFi" \
    mac-address=F4:F2:6D:56:E3:89 server=dhcp-vlan60
add address=192.168.200.212 client-id=1:8:55:31:4d:a2:a comment=\
    "AP_12 - Hala Produkcyjna - Tapicernia - wisi blizej namiotu" \
    mac-address=08:55:31:4D:A2:0A server=dhcp-vlan200
add address=192.168.0.89 client-id=1:0:30:d:3a:af:89 comment=\
    "Czytnik7 - Tapicernia - 20210703" mac-address=00:30:0D:3A:AF:89 server=\
    dhcp-vlan100
add address=192.168.0.88 client-id=1:0:30:d:39:2:9a comment=\
    "Czytnik6 - Tapicernia - 20210703" mac-address=00:30:0D:39:02:9A server=\
    dhcp-vlan100
add address=192.168.0.86 client-id=1:70:8b:cd:ab:30:57 comment=\
    "MD15 - PC2 - kamery kotlownia" mac-address=70:8B:CD:AB:30:57 server=\
    dhcp-vlan100
add address=192.168.0.96 comment="Czytnik8 - Korlety - 20210715" mac-address=\
    00:30:0D:3A:E2:B4 server=dhcp-vlan100
add address=192.168.0.97 comment="Czytnik9 - Korlety2 - 20210715" \
    mac-address=00:30:0D:39:04:D0 server=dhcp-vlan100
add address=192.168.200.216 comment="AP_16 - Pakowanie (bli\BFej ramp)" \
    mac-address=2C:C8:1B:3A:EB:E4 server=dhcp-vlan200
add address=192.168.200.217 comment="AP_17 - Pakowanie (bli\BFej tapicerni)" \
    mac-address=2C:C8:1B:3A:EB:8E server=dhcp-vlan200
add address=192.168.0.84 client-id=1:0:30:d:39:3:6c comment=\
    "Czytnik13 - 20210820" mac-address=00:30:0D:39:03:6C server=dhcp-vlan100
add address=192.168.0.80 client-id=1:48:8f:5a:7c:85:9d comment=\
    "AP_10 - Stolarnia Duza" mac-address=48:8F:5A:7C:85:9A server=\
    dhcp-vlan100
add address=192.168.0.189 comment=MP06 mac-address=B8:CA:3A:9A:7D:28 server=\
    dhcp-vlan100
add address=192.168.0.39 comment="MD39 _ Serwerownia FAKT95" mac-address=\
    44:8A:5B:FA:66:AA server=dhcp-vlan100
add address=192.168.0.135 client-id=1:d0:37:45:e2:19:10 comment=\
    "Marcel LAPTOP" mac-address=D0:37:45:E2:19:10 server=dhcp-vlan100
add address=192.168.0.199 client-id=1:0:c:29:e2:24:12 mac-address=\
    00:0C:29:E2:24:12 server=dhcp-vlan100
add address=192.168.0.153 client-id=1:0:30:d:3a:e0:0 comment=\
    "Czytnik12 - 20210820" mac-address=00:30:0D:3A:E0:00 server=dhcp-vlan100
add address=192.168.0.144 client-id=1:0:30:d:3a:ae:3c comment=\
    "Czytnik2 - Tapicernia Lozka" mac-address=00:30:0D:3A:AE:3C server=\
    dhcp-vlan100
add address=192.168.10.55 client-id=1:30:24:a9:c2:21:93 comment=\
    "HP LaserJet Pro MFP M428fdn - Recepcja" mac-address=30:24:A9:C2:21:93 \
    server=dhcp-vlan10_
add address=192.168.200.218 comment="AP_18 - DOM (Marketing/Graficy)" \
    mac-address=2C:C8:1B:15:A1:2D server=dhcp-vlan200
add address=192.168.200.215 comment="AP_15 - Wystawka (ODPIETY TEMP)" \
    disabled=yes mac-address=2C:C8:1B:15:A0:F3 server=dhcp-vlan200
add address=192.168.10.35 comment="MD36 chwilowo z Sycowa" mac-address=\
    30:9C:23:CD:9F:CA server=dhcp-vlan10_
add address=192.168.0.127 client-id=1:0:30:d:39:91:b0 comment=\
    "Czytnik1 - Tapicernia" mac-address=00:30:0D:39:91:B0 server=dhcp-vlan100
add address=192.168.0.154 client-id=1:0:30:d:3a:b0:af comment=\
    "Czytnik14 - Szwalnia/Krojownia" mac-address=00:30:0D:3A:B0:AF server=\
    dhcp-vlan100
add address=192.168.0.159 client-id=1:0:30:d:3a:c5:6b comment=\
    "Czytnik15 - Szwalnia/Krojownia" mac-address=00:30:0D:3A:C5:6B server=\
    dhcp-vlan100
add address=192.168.0.125 client-id=1:c8:3e:a7:1:f2:ae comment=\
    "PLC - RevPi Connect+ -- RevPi DI 16inputs" mac-address=C8:3E:A7:01:F2:AE \
    server=dhcp-vlan100
add address=192.168.0.133 client-id=1:0:30:d:3a:ad:d7 comment=\
    "Czytnik4 - od 20201021" mac-address=00:30:0D:3A:AD:D7 server=\
    dhcp-vlan100
add address=192.168.0.85 client-id=1:0:30:d:3a:ad:6 comment=\
    "Czytnik5 - od 20201021" mac-address=00:30:0D:3A:AD:06 server=\
    dhcp-vlan100
add address=192.168.0.155 client-id=1:0:30:d:3a:30:a9 comment=\
    "Czytnik11 - 20210820" mac-address=00:30:0D:3A:30:A9 server=dhcp-vlan100
add address=192.168.0.122 client-id=1:0:30:d:3a:de:b0 comment=\
    "Czytnik10 - 20210820" mac-address=00:30:0D:3A:DE:B0 server=dhcp-vlan100
add address=192.168.0.48 comment=MD98 mac-address=A8:A1:59:64:28:42 server=\
    dhcp-vlan100
add address=192.168.0.126 client-id=1:30:9c:23:86:90:42 mac-address=\
    30:9C:23:86:90:42 server=dhcp-vlan100
add address=192.168.0.142 client-id=1:0:30:d:3a:46:99 comment=\
    "Czytnik16 - Krojownia - 20211021" mac-address=00:30:0D:3A:46:99 server=\
    dhcp-vlan100
add address=192.168.0.148 client-id=1:0:30:d:39:1b:70 comment=\
    "Czytnik18 - PPiatek - 20211021" mac-address=00:30:0D:39:1B:70 server=\
    dhcp-vlan100
add address=192.168.60.161 client-id=1:a8:7d:12:3:99:f3 mac-address=\
    A8:7D:12:03:99:F3 server=dhcp-vlan60
add address=192.168.200.204 comment="AP_04 - Recepcja" mac-address=\
    B8:69:F4:80:3F:2E server=dhcp-vlan200
add address=192.168.0.131 client-id=1:f8:2:78:20:d4:c1 comment=\
    "Stolarnia - FEC COMEC FRONTAL CNC" mac-address=F8:02:78:20:D4:C1 server=\
    dhcp-vlan100
add address=192.168.200.98 comment="ML22 - Ethernet - SH_ADM" mac-address=\
    38:F3:AB:15:B3:0D server=dhcp-vlan200
add address=192.168.0.164 comment=\
    "Drukarka Citizen S-703 - etykiety - biuro kierownikow, SN JNAB004531" \
    mac-address=00:00:00:00:00:70
add address=192.168.0.151 client-id=1:0:10:18:2f:89:1f mac-address=\
    00:10:18:2F:89:1F server=dhcp-vlan100
add address=192.168.0.160 comment="Konica Minolta Bizhub C360 - Eksport" \
    mac-address=00:00:00:00:00:15 server=dhcp-vlan100
add address=192.168.0.161 comment=\
    "Konica Minolta Bizhub C220 - Kierownicy produkcji" mac-address=\
    00:00:00:00:00:16 server=dhcp-vlan100
add address=192.168.0.162 comment="Konica Minolta Bizhub C364e - Kraj\F3wka" \
    mac-address=00:00:00:00:00:17 server=dhcp-vlan100
add address=192.168.0.129 client-id=1:0:10:20:41:b1:c4 mac-address=\
    00:10:20:41:B1:C4 server=dhcp-vlan100
add address=192.168.0.146 client-id=1:0:10:20:41:b6:18 mac-address=\
    00:10:20:41:B6:18 server=dhcp-vlan100
add address=192.168.0.121 client-id=1:0:10:20:41:b7:97 mac-address=\
    00:10:20:41:B7:97 server=dhcp-vlan100
add address=192.168.0.181 client-id=1:90:2e:16:f3:f9:90 comment=\
    "PROKSIMA - Robert - Lenovo Legion 5" mac-address=90:2E:16:F3:F9:90 \
    server=dhcp-vlan100
add address=192.168.0.38 comment="ML17 - Magazyn Opat\F3w (pierwszy Namiot)" \
    mac-address=6C:02:E0:CD:3E:48 server=dhcp-vlan100
add address=192.168.10.77 client-id=1:24:20:c7:22:3d:22 mac-address=\
    24:20:C7:22:3D:22 server=dhcp-vlan10_
add address=192.168.0.130 client-id=1:c0:6:c3:f6:c4:1f comment=\
    "Stolarnia - Centrum ROVER" mac-address=C0:06:C3:F6:C4:1F server=\
    dhcp-vlan100
add address=192.168.0.191 comment="TEMP STOLARNIA" mac-address=\
    28:EE:52:11:5F:31 server=dhcp-vlan100
add address=192.168.0.72 client-id=1:30:9c:23:b8:74:ca mac-address=\
    30:9C:23:B8:74:CA server=dhcp-vlan100
add address=192.168.0.74 client-id=1:18:c0:4d:b8:eb:7c mac-address=\
    18:C0:4D:B8:EB:7C server=dhcp-vlan100
add address=192.168.0.31 mac-address=E0:3F:49:AD:B7:A0 server=dhcp-vlan100
add address=192.168.0.150 client-id=1:0:c:29:ef:90:7a comment=\
    "OwnCloud_Ubuntu (wirtualka vSphere)" disabled=yes mac-address=\
    00:0C:29:EF:90:7A server=dhcp-vlan100
add address=192.168.0.140 client-id=1:0:30:d:3a:e1:52 comment=\
    "Czytnik17 - Sebastian - 20211021" mac-address=00:30:0D:3A:E1:52 server=\
    dhcp-vlan100
add address=192.168.0.235 client-id=1:0:c:29:ff:b7:28 mac-address=\
    00:0C:29:FF:B7:28 server=dhcp-vlan100
add address=192.168.0.123 client-id=1:18:c0:4d:9c:45:1b mac-address=\
    18:C0:4D:9C:45:1B server=dhcp-vlan100
add address=192.168.0.49 comment="Fotowoltaika Opat\F3w (1z2 - SN FALOWNIKA 66\
    AT2530219C005 SN WiFi 669W3DRF216A137)" mac-address=BC:FF:4D:38:2F:2C \
    server=dhcp-vlan100
add address=192.168.0.50 comment="Fotowoltaika Opat\F3w (2z2 - SN FALOWNIKA 66\
    AT2530219C005 SN WiFi 669W3DTF216A292)" mac-address=BC:FF:4D:38:08:55 \
    server=dhcp-vlan100
add address=192.168.10.56 comment="HP Color LaserJet MFP 179fnw (DOMEK)" \
    mac-address=50:81:40:D9:E8:1F server=dhcp-vlan10_
/ip dhcp-server network
add address=192.168.0.0/24 caps-manager=192.168.200.1 dns-server=\
    192.168.0.200,192.168.0.1,62.21.99.95,62.21.99.94 domain=marzenie.local \
    gateway=192.168.0.1 ntp-server=192.168.0.200 wins-server=192.168.0.200
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.10.0/24 dns-server=\
    192.168.0.200,192.168.0.1,194.204.152.34,194.204.159.1,8.8.8.8 domain=\
    marzenie.local gateway=192.168.10.1 ntp-server=192.168.0.200 wins-server=\
    192.168.0.200
add address=192.168.20.0/24 dns-server=\
    192.168.0.200,192.168.0.1,194.204.152.34,194.204.159.1,8.8.8.8 domain=\
    marzenie.local gateway=192.168.20.1 ntp-server=192.168.0.200 wins-server=\
    192.168.0.200
add address=192.168.30.0/24 dns-server="192.168.0.200,192.168.30.1,192.168.0.1\
    ,194.204.152.34,194.204.159.1,8.8.8.8" domain=marzenie.local gateway=\
    192.168.30.1 ntp-server=192.168.0.200 wins-server=192.168.0.200
add address=192.168.40.0/24 dns-server=\
    192.168.0.200,192.168.0.1,194.204.152.34,194.204.159.1,8.8.8.8 domain=\
    marzenie.local gateway=192.168.40.1 ntp-server=192.168.0.200 wins-server=\
    192.168.0.200
add address=192.168.50.0/24 dns-server=\
    192.168.0.200,192.168.0.1,194.204.152.34,194.204.159.1,8.8.8.8 domain=\
    marzenie.local gateway=192.168.50.1 ntp-server=192.168.0.200 wins-server=\
    192.168.0.200
add address=192.168.60.0/24 dns-server=\
    192.168.0.1,194.204.152.34,194.204.159.1,8.8.8.8 gateway=192.168.60.1
add address=192.168.200.0/24 caps-manager=192.168.200.1 dns-server=\
    192.168.0.200,192.168.0.1,194.204.152.34,194.204.159.1,8.8.8.8 domain=\
    marzenie.local gateway=192.168.200.1 ntp-server=192.168.0.200 \
    wins-server=192.168.0.200
/ip dns
set allow-remote-requests=yes servers=192.168.0.200,62.21.99.95,62.21.99.94
/ip dns static
add address=192.168.0.200 name=marzenie.local
add address=192.168.0.200 name=s-dc
add address=192.168.0.215 name=s-nas
add address=192.168.0.199 disabled=yes name=urbackup.marzenie.local
add address=192.168.0.235 name=tap1.intrmm.pl
/ip firewall address-list
add address=109.173.183.201 comment="Fryderyk test" disabled=yes list=\
    ftp_whitelist
add address=212.244.79.1 list=tunnel_and_VPN_whitelist
add address=212.244.79.2 list=tunnel_and_VPN_whitelist
add address=212.244.79.3 list=tunnel_and_VPN_whitelist
add address=212.244.79.4 list=tunnel_and_VPN_whitelist
add address=212.244.79.5 list=tunnel_and_VPN_whitelist
add address=94.23.4.203 comment="MMichalski - Poczta MM" list=ftp_whitelist
add address=93.181.131.204 comment="MMichalski - Poczta MM" list=\
    ftp_whitelist
add address=159.69.54.204 comment="MMichalski - Poczta MM" list=ftp_whitelist
add address=77.65.114.106 comment=Fryderyk2 disabled=yes list=ftp_whitelist
add address=94.23.4.203 comment="MMichalski - Poczta MM - SFTP" list=\
    sftp_whitelist
add address=93.181.131.204 comment="MMichalski - Poczta MM - SFTP" list=\
    sftp_whitelist
add address=159.69.54.204 comment="MMichalski - Poczta MM - SFTP" list=\
    sftp_whitelist
add address=94.254.203.167 comment="Szymon - test" disabled=yes list=\
    sftp_whitelist
add address=78.128.113.66 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    winbox_blacklist
add address=78.128.113.67 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    winbox_blacklist
add address=78.128.113.68 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    winbox_blacklist
add address=78.128.113.0/24 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas, ca\B3y /024" list=\
    winbox_blacklist
add address=78.128.113.70 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    winbox_blacklist
add address=91.191.209.0/24 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    winbox_blacklist
add address=91.191.209.0/24 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=ssh_blacklist
add address=78.128.113.0/24 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=ssh_blacklist
add address=78.128.113.0/24 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    telnet_blacklist
add address=91.191.209.0/24 comment=\
    "// Szymon - pr\F3bowa\B3 si\EA dobi\E6 ca\B3y czas" list=\
    telnet_blacklist
add address=185.93.240.158 comment="kwrobel L2TP" list=\
    tunnel_and_VPN_whitelist
/ip firewall filter
add action=accept chain=input disabled=yes dst-port=53 protocol=tcp
add action=accept chain=input comment="OPENVPN _ PORT" disabled=yes dst-port=\
    1194 protocol=tcp
add action=drop chain=forward disabled=yes dst-address=192.168.20.0/24 \
    src-address=192.168.10.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.10.0/24 \
    src-address=192.168.20.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.30.0/24 \
    src-address=192.168.20.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.10.0/24 \
    src-address=192.168.30.0/24
add action=drop chain=forward dst-address=192.168.0.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.10.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.20.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.30.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.40.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.50.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.200.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=192.168.11.0/24 src-address=\
    192.168.60.0/24
add action=drop chain=forward dst-address=103.86.160.0/24
add action=drop chain=forward comment=\
    "ruch generowany przez agentow statlook\?" dst-port=21200 protocol=tcp \
    src-address-list=statlook_port_21200_blacklist
add action=add-src-to-address-list address-list=statlook_port_21200_blacklist \
    address-list-timeout=1w3d1m chain=forward connection-state=new dst-port=\
    21200 protocol=tcp src-address-list=statlook_port_21200_stage3
add action=add-src-to-address-list address-list=statlook_port_21200_stage3 \
    address-list-timeout=1m chain=forward connection-state=new dst-port=21200 \
    protocol=tcp src-address-list=statlook_port_21200_stage2
add action=add-src-to-address-list address-list=statlook_port_21200_stage2 \
    address-list-timeout=1m chain=forward connection-state=new dst-port=21200 \
    protocol=tcp src-address-list=statlook_port_21200_stage1
add action=add-src-to-address-list address-list=statlook_port_21200_stage1 \
    address-list-timeout=1m chain=forward connection-state=new dst-port=21200 \
    protocol=tcp
add action=accept chain=forward dst-address=192.168.10.0/24 src-address=\
    192.168.0.0/24
add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
    192.168.10.0/24
add action=accept chain=forward dst-address=192.168.11.0/24 src-address=\
    192.168.0.0/24
add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
    192.168.11.0/24
add action=accept chain=forward dst-address=192.168.20.0/24 src-address=\
    192.168.0.0/24
add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
    192.168.20.0/24
add action=accept chain=forward dst-address=192.168.40.0/24 src-address=\
    192.168.0.0/24
add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
    192.168.40.0/24
add action=accept chain=forward dst-address=192.168.200.0/24 src-address=\
    192.168.0.0/24
add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
    192.168.200.0/24
add action=drop chain=forward disabled=yes dst-port=53 protocol=udp
add action=add-src-to-address-list address-list=Facebook_List \
    address-list-timeout=none-dynamic chain=forward comment="tworzy liste adre\
    sow IP na podstawie Parametru Layer7 Protokols wybranego w zakladce advanc\
    ed" layer7-protocol=Facebook protocol=tcp
add action=drop chain=forward comment=\
    "Wpis decyduj co ma sie stac z IP z listy" layer7-protocol=Facebook \
    protocol=tcp
add action=add-src-to-address-list address-list=WP_List address-list-timeout=\
    none-dynamic chain=forward comment="tworzy liste adresow IP na podstawie P\
    arametru Layer7 Protokols wybranego w zakladce advanced" disabled=yes \
    layer7-protocol=WP protocol=tcp
add action=add-dst-to-address-list address-list=WP_List address-list-timeout=\
    none-dynamic chain=forward comment=\
    "Wpis decyduj co ma sie stac z IP z listy" disabled=yes layer7-protocol=\
    WP protocol=tcp
add action=fasttrack-connection chain=forward
add action=accept chain=forward comment=\
    "allow ftp - zgoda na dostep do serwera FTP dla adresow z listy" \
    dst-port=21 in-interface-list=WAN log=yes protocol=tcp src-address-list=\
    ftp_whitelist
add action=drop chain=forward comment="drop ftp brute forcers" dst-port=21 \
    in-interface-list=WAN protocol=tcp src-address-list=ftp_blacklist
add action=add-src-to-address-list address-list=ftp_blacklist \
    address-list-timeout=1w3d chain=forward connection-state=new dst-port=21 \
    protocol=tcp src-address-list=ftp_stage3
add action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=1m chain=forward connection-state=new dst-port=21 \
    protocol=tcp src-address-list=ftp_stage2
add action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m chain=forward connection-state=new dst-port=21 \
    protocol=tcp src-address-list=ftp_stage1
add action=add-src-to-address-list address-list=ftp_stage1 \
    address-list-timeout=1m chain=forward connection-state=new dst-port=21 \
    protocol=tcp
add action=accept chain=forward dst-port=22 in-interface-list=WAN log=yes \
    protocol=tcp src-address-list=sftp_whitelist
add action=drop chain=input comment="drop ssh brute forcers" disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=forward comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=forward connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=5s chain=forward connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=5s chain=forward connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=5s chain=forward connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=input comment="drop vnc brute forcers" dst-port=5901 \
    protocol=tcp
add action=drop chain=input comment="drop vnc brute forcers" dst-port=5900 \
    protocol=tcp src-address-list=vnc_blacklist
add action=add-src-to-address-list address-list=vnc_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=5900 \
    protocol=tcp src-address-list=vnc_stage3
add action=add-src-to-address-list address-list=vnc_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=5900 \
    protocol=tcp src-address-list=vnc_stage2
add action=add-src-to-address-list address-list=vnc_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=5900 \
    protocol=tcp src-address-list=vnc_stage1
add action=add-src-to-address-list address-list=vnc_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=5900 \
    protocol=tcp
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 \
    protocol=tcp src-address-list=telnet_blacklist
add action=add-src-to-address-list address-list=telnet_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp
add action=drop chain=input comment="drop api_8728 brute forcers" dst-port=\
    8728 protocol=tcp src-address-list=api_8728_blacklist
add action=add-src-to-address-list address-list=api_8728_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=8728 \
    protocol=tcp src-address-list=api_8728_stage3
add action=add-src-to-address-list address-list=api_8728_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8728 \
    protocol=tcp src-address-list=api_8728_stage2
add action=add-src-to-address-list address-list=api_8728_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8728 \
    protocol=tcp src-address-list=api_8728_stage1
add action=add-src-to-address-list address-list=api_8728_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8728 \
    protocol=tcp
add action=drop chain=input comment="drop api_8729 brute forcers" dst-port=\
    8729 protocol=tcp src-address-list=api_8729_blacklist
add action=add-src-to-address-list address-list=api_8729_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=8729 \
    protocol=tcp src-address-list=api_8729_stage3
add action=add-src-to-address-list address-list=api_8729_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8729 \
    protocol=tcp src-address-list=api_8729_stage2
add action=add-src-to-address-list address-list=api_8729_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8729 \
    protocol=tcp src-address-list=api_8729_stage1
add action=add-src-to-address-list address-list=api_8729_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8729 \
    protocol=tcp
add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 \
    in-interface-list=WAN log=yes protocol=tcp src-address-list=\
    winbox_blacklist
add action=add-src-to-address-list address-list=winbox_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=winbox_stage3
add action=add-src-to-address-list address-list=winbox_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=winbox_stage2
add action=add-src-to-address-list address-list=winbox_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=winbox_stage1
add action=add-src-to-address-list address-list=winbox_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp
add action=drop chain=input comment="drop RDP brute forcers" dst-port=3389 \
    protocol=tcp src-address-list=RDP_blacklist
add action=add-src-to-address-list address-list=RDP_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=RDP_stage3
add action=add-src-to-address-list address-list=RDP_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=RDP_stage2
add action=add-src-to-address-list address-list=RDP_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=RDP_stage1
add action=add-src-to-address-list address-list=RDP_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=3389 \
    protocol=tcp
add action=drop chain=input comment="drop Winbox_8001 brute forcers" \
    dst-port=8001 protocol=tcp src-address-list=Winbox_8001_blacklist
add action=add-src-to-address-list address-list=Winbox_8001_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=8001 \
    protocol=tcp src-address-list=Winbox_8001_stage3
add action=add-src-to-address-list address-list=Winbox_8001_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8001 \
    protocol=tcp src-address-list=Winbox_8001_stage2
add action=add-src-to-address-list address-list=Winbox_8001_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8001 \
    protocol=tcp src-address-list=Winbox_8001_stage1
add action=add-src-to-address-list address-list=Winbox_8001_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=8001 \
    protocol=tcp
add action=accept chain=input dst-port=500,1701,4500 in-interface-list=WAN \
    log=yes protocol=udp src-address-list=tunnel_and_VPN_whitelist
add action=drop chain=input dst-port=500,1701,4500 log=yes protocol=udp
add action=accept chain=input comment="test Szymon" disabled=yes \
    in-interface-list=WAN protocol=ipsec-esp
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
    new-connection-mark=WAN2 nth=2,2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
    new-connection-mark=WAN1 nth=2,1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2 disabled=yes \
    new-routing-mark=WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=yes \
    new-routing-mark=WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
    new-connection-mark=WAN2 nth=2,2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
    new-connection-mark=WAN1 nth=2,1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2 disabled=yes \
    new-routing-mark=WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=yes \
    new-routing-mark=WAN1 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes log=yes out-interface=*15
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.0/24 \
    src-address=192.168.200.0/24
add action=masquerade chain=srcnat disabled=yes out-interface=ether6
add action=masquerade chain=srcnat disabled=yes src-address=192.168.3.0/24
add action=masquerade chain=srcnat dst-address=192.168.0.235 out-interface=\
    br-Trunk protocol=tcp src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=192.168.0.1 dst-port=80 protocol=tcp \
    to-addresses=172.217.20.163 to-ports=80
add action=dst-nat chain=dstnat comment="WWW na zewnatrz idzie na Google.pl" \
    disabled=yes dst-port=80 log=yes protocol=tcp src-address=192.168.0.42 \
    src-port=80 to-addresses=193.218.152.21 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=10.11.16.172 dst-port=80 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=77.65.116.226 dst-port=80 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat dst-port=49890 log=yes protocol=tcp to-ports=\
    49890
add action=dst-nat chain=dstnat comment="Podglad pieca na kotlowni przez VNC" \
    dst-address=77.65.116.226 dst-port=5901 protocol=tcp to-addresses=\
    192.168.0.93 to-ports=5900
add action=dst-nat chain=dstnat comment="Podglad pieca na kotlowni przez VNC" \
    dst-address=192.168.0.93 dst-port=5900 log=yes protocol=tcp to-addresses=\
    77.65.116.226 to-ports=5900
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=none-dynamic chain=dstnat comment=FTP disabled=yes \
    dst-address=77.65.116.226 dst-port=21 protocol=tcp src-address=\
    109.173.183.201 to-addresses=192.168.0.215 to-ports=21
add action=dst-nat chain=dstnat comment=FTP dst-address=77.65.116.226 \
    dst-port=21 protocol=tcp src-address-list=ftp_whitelist to-addresses=\
    192.168.0.215 to-ports=21
add action=dst-nat chain=dstnat comment=SFTP dst-address=77.65.116.226 \
    dst-port=22 log=yes protocol=tcp src-address-list=sftp_whitelist \
    to-addresses=192.168.0.215 to-ports=22
add action=dst-nat chain=dstnat comment="UrBackup www" disabled=yes \
    dst-address=77.65.116.226 dst-port=55414 log=yes protocol=tcp \
    to-addresses=192.168.0.199 to-ports=55414
add action=dst-nat chain=dstnat comment="UrBackup www" disabled=yes \
    dst-address=77.65.116.226 dst-port=55415 protocol=tcp to-addresses=\
    192.168.0.199 to-ports=55415
add action=dst-nat chain=dstnat comment=statlook disabled=yes dst-address=\
    192.168.0.199 dst-port=21200 protocol=tcp to-addresses=77.65.116.226 \
    to-ports=21200
add action=dst-nat chain=dstnat comment=statlook disabled=yes dst-address=\
    192.168.0.199 dst-port=21300 protocol=tcp to-addresses=77.65.116.226 \
    to-ports=21300
add action=dst-nat chain=dstnat comment=statlook disabled=yes dst-address=\
    192.168.0.199 dst-port=22200 protocol=tcp to-addresses=77.65.116.226 \
    to-ports=22200
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=77.65.116.226 dst-port=53 protocol=udp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=10.10.16.172 dst-port=8291 protocol=tcp \
    to-addresses=172.217.20.163 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=77.65.116.226 dst-port=8291 protocol=tcp \
    to-addresses=172.217.20.163 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na..." \
    disabled=yes dst-address=192.168.0.1 dst-port=8080 protocol=tcp \
    to-addresses=192.168.0.1 to-ports=8080
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=192.168.1.1 dst-port=3389 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=10.11.16.172 dst-port=443 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=77.65.116.226 dst-port=443 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=77.65.116.226 dst-port=3389 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=10.11.16.172 dst-port=3389 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="WWW z zewnatrz idzie na Google.pl" \
    disabled=yes dst-address=192.168.1.1 dst-port=80 protocol=tcp \
    to-addresses=172.217.20.195 to-ports=80
add action=dst-nat chain=dstnat comment="VPN z zewnatrz idzie na..." \
    dst-port=1723 protocol=tcp to-ports=1723
add action=dst-nat chain=dstnat comment="Zdalny dostep WinBox" dst-address=\
    10.11.16.172 dst-port=8001 log=yes protocol=tcp to-addresses=192.168.0.1 \
    to-ports=8291
add action=dst-nat chain=dstnat comment="Zdalny dostep WinBox" dst-address=\
    77.65.116.226 dst-port=8001 log=yes protocol=tcp to-addresses=192.168.0.1 \
    to-ports=8291
add action=dst-nat chain=dstnat comment="www z zewn na AP" dst-port=8002 \
    protocol=tcp to-addresses=192.168.0.2 to-ports=80
add action=dst-nat chain=dstnat comment="www z zewn na AP" dst-port=8005 \
    protocol=tcp to-addresses=192.168.0.5 to-ports=80
add action=dst-nat chain=dstnat comment="www z zewn na AP" dst-port=8006 \
    protocol=tcp to-addresses=192.168.0.6 to-ports=80
add action=dst-nat chain=dstnat comment="WinBox z zewnatrz idzie na..." \
    dst-port=8007 protocol=tcp to-addresses=192.168.0.7 to-ports=8291
add action=dst-nat chain=dstnat comment="WinBox z zewnatrz idzie na..." \
    dst-port=8701-8704 protocol=tcp to-addresses=192.168.0.7 to-ports=\
    8701-8704
add action=dst-nat chain=dstnat comment="www z zewn na AP" dst-port=8003 \
    protocol=tcp to-addresses=192.168.0.3 to-ports=80
add action=dst-nat chain=dstnat comment="www z zewn na rejestrator1" \
    dst-port=8241 protocol=tcp to-addresses=192.168.0.241 to-ports=80
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24180 \
    protocol=tcp to-addresses=192.168.0.241 to-ports=80
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24280 \
    protocol=tcp to-addresses=192.168.0.242 to-ports=80
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24177 \
    protocol=tcp to-addresses=192.168.0.241 to-ports=24177
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24277 \
    protocol=tcp to-addresses=192.168.0.242 to-ports=24277
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=37777 \
    protocol=tcp to-addresses=192.168.0.243 to-ports=37777
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24178 \
    protocol=udp to-addresses=192.168.0.241 to-ports=24178
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24278 \
    protocol=udp to-addresses=192.168.0.242 to-ports=24278
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24143 \
    protocol=tcp to-addresses=192.168.0.241 to-ports=443
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=24243 \
    protocol=tcp to-addresses=192.168.0.242 to-ports=443
add action=dst-nat chain=dstnat comment="Rejestrator z zewn" dst-port=37778 \
    protocol=udp to-addresses=192.168.0.243 to-ports=37778
add action=masquerade chain=srcnat disabled=yes
add action=masquerade chain=srcnat disabled=yes
add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN \
    protocol=tcp to-ports=1194
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec identity
add peer=macbook_peer
/ip route
add distance=1 gateway=194.150.196.165
add distance=1 gateway=10.11.16.1
add distance=1 gateway=192.168.0.1
add distance=2 gateway=192.168.1.1
add distance=3 gateway=77.65.116.225
add comment=tunel distance=1 dst-address=192.168.11.0/24 gateway=173.33.33.2
add comment=tunel disabled=yes distance=1 dst-address=192.168.11.0/24 \
    gateway=172.22.22.2
add disabled=yes distance=2 dst-address=192.168.11.0/24 gateway=172.11.11.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set default-screen=informative-slideshow read-only-mode=yes
/lcd pin
set hide-pin-number=yes pin-number=8520
/lcd screen
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
set 5 timeout=5s
/ppp aaa
set interim-update=1m use-circuit-id-in-nas-port-id=yes
/ppp secret

I DELETED ALL OF PPP SECRETS BECAUSE I HAD MOST OF PASSWORDS IN COMMENTS :)

/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=swCore_MM
/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=SysLogServer topics=ppp
add topics=interface
add action=SysLogServer disabled=yes topics=dhcp
add action=SysLogServer disabled=yes prefix=swCore topics=info
add action=disk topics=info
add action=disk topics=error
add action=disk topics=critical
add action=disk topics=ppp
add action=disk topics=pptp
/system ntp client
set enabled=yes primary-ntp=212.33.77.42 secondary-ntp=46.175.224.7
/system package update
set channel=long-term
/system scheduler
add interval=1d name=schedule_backup_to_ftp on-event=bakup_to_ftp policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jul/09/2018 start-time=08:45:00
add disabled=yes interval=2h name=a on-event=ip policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script

I DELETED SCRIPT FOR BACKUP - HARSH INFO :)

/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool traffic-generator
set test-id=1
Sorry for looking through this mess.. Hang me later for this.. Looking forward to hearing from You guys soon, have a nice day.
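An added example, not part of the original post or the poster's configuration: a Python audit of the `/ip firewall nat` section of an export like the one above. It lists enabled dst-nat rules with no dst-address or in-interface matcher (such a rule, like the `dst-port=8002` one in the export, matches that port on packets from any interface to any destination, including LAN clients' outbound connections) and rules with no source restriction. The sample export, its addresses and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample in `/export compact` format; hosts and addresses are
# hypothetical (documentation ranges), not values taken from the post.
SAMPLE_EXPORT = r'''/ip firewall filter
add action=drop chain=input dst-port=23 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment="www to AP" dst-port=8002 \
    protocol=tcp to-addresses=192.168.0.2 to-ports=80
add action=dst-nat chain=dstnat comment=SFTP dst-address=203.0.113.10 \
    dst-port=22 protocol=tcp src-address-list=sftp_whitelist to-addresses=\
    192.168.0.215 to-ports=22
add action=dst-nat chain=dstnat comment=VNC dst-address=203.0.113.10 \
    dst-port=5901 protocol=tcp to-addresses=192.168.0.93 to-ports=5900
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 protocol=tcp \
    to-addresses=192.168.0.50 to-ports=3389
'''

# A rule that has none of a group's matchers gets that group's label.
CHECKS = {
    "unscoped": ("dst-address", "dst-address-list", "dst-address-type",
                 "in-interface", "in-interface-list"),
    "any-source": ("src-address", "src-address-list"),
}

def logical_lines(text):
    """Join export continuation lines (trailing backslash, indented remainder)."""
    joined = re.sub(r"\\[ \t]*\n\s*", "", text)
    return [line.strip() for line in joined.splitlines()]

def nat_rules(text):
    """Yield every `add` line of the /ip firewall nat section as a dict."""
    section = None
    for line in logical_lines(text):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall nat" and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # keeps comment="a b" as one token
            yield dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(text):
    """Return (dst_port, target, labels) for enabled dst-nat rules to review."""
    findings = []
    for rule in nat_rules(text):
        if rule.get("action") != "dst-nat" or rule.get("disabled") == "yes":
            continue
        labels = [name for name, keys in CHECKS.items()
                  if not any(k in rule for k in keys)]
        if labels:
            target = f"{rule.get('to-addresses', '?')}:{rule.get('to-ports', '?')}"
            findings.append((rule.get("dst-port", "any"), target, labels))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```

The script reads only the NAT section; filter rules in the forward chain can still restrict these forwards, so treat the output as a review list rather than a verdict.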
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Webserver (cannot get internally to intranet site via mobile phones) + other stuff..

Fri May 27, 2022 5:24 pm

Whatever you do, ensure that you properly document the end result configuration, so the next IT person doesn't go through the pain of what you are attempting to do!
Meanwhile, I also highly suggest hiring a consultant to get over the hump and get you to a clean config.....
https://mikrotik.com/consultants
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Webserver (cannot get internally to intranet site via mobile phones) + other stuff..

Fri May 27, 2022 6:16 pm

You have an insanely complex configuration. anav may well be right that you may need to hire someone. If this is something you really want or need (required by your boss maybe) to do yourself, I would suggest that you state a clear list of the requirements - not how to reach those requirements. I would not be surprised that if you give a listing of the real requirements, there are people here who could help - very likely starting with a reset to factory defaults.
Granted, part of the existing insanely complex configuration is all related to WiFi - which I do not do via Mikrotik, so I can't help or comment on that part of it.
What I mean by list of requirements is something like this:
- One internet service at gigabit speed that supplies one DHCP address via PPPoE
- One wired LAN that houses a web server
- One separate wired LAN with 20 desktop computers and two network printers
- One WiFi network with about 50 devices
- One separate guest WiFi network with up to 25 devices that can only access the internet and is speed limited
- The wired desktop and non-guest WiFi devices need to be able to access the printers, the web server, and the internet
- You have a fully qualified domain name and use a Dynamic DNS provider so the web server can be reached via the domain name from the internet
- The server computer runs the Dynamic DNS client application that updates the Dynamic DNS server for your domain name.
- The router needs to provide DHCP and DNS to all LAN and WiFi devices.
Obviously your list will be a bit different, but that should give you an idea what I am suggesting.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Webserver (cannot get internally to intranet site via mobile phones) + other stuff..

Fri May 27, 2022 9:01 pm

I concur, the best approach is to create a lab environment: buy a cheap hEX and some cAP acs or something, or try to use EVE-NG etc...
Using the requirements, start from scratch and build a config that makes sense to you and works each step of the way.
Far easier to build a solid base config and then add...

In this way you are actually ready with a working config to take over from the current one.
