# Bridge with a fixed admin MAC (auto-mac=no); the defconf comment marks it as inherited from the default configuration.
# NOTE(review): vlan-filtering is not set here. RouterOS exports omit default values, so it is presumably "no", in which
# case the pvid values and the /interface bridge vlan table elsewhere in this export are not enforced - confirm on the device.
1/interface bridge
2add admin-mac=64:D1:54:B0:94:E8 auto-mac=no comment=defconf name=bridge
# ether1 is labelled as the ISP uplink.
3/interface ethernet
4set [ find default-name=ether1 ] comment=ISP
# Static server-side bindings: one named interface per VPN protocol (L2TP, OpenVPN, PPTP), all bound to the same PPP user.
# NOTE(review): the same account is accepted over three protocols, so the credential is only as well protected as the
# weakest protocol enabled for it (the PPTP server is enabled in this export).
5/interface l2tp-server
6add name=L2TP-DeusEx user=DeusEx
7/interface ovpn-server
8add name=OVPN-DeusEx user=DeusEx
9/interface pptp-server
10add name=PPTP-DeusEx user=DeusEx
# One VLAN sub-interface per segment, all created on top of the bridge; the comment on each entry names its purpose.
11/interface vlan
12add comment=ESXi interface=bridge name=vlan10 vlan-id=10
13add comment=Voice interface=bridge name=vlan11 vlan-id=11
14add comment=Site interface=bridge name=vlan12 vlan-id=12
15add comment=1C interface=bridge name=vlan13 vlan-id=13
16add comment=Video interface=bridge name=vlan14 vlan-id=14
17add comment=Radio interface=bridge name=vlan15 vlan-id=15
18add comment=Wi-Fi interface=bridge name=vlan16 vlan-id=16
19add comment=Management interface=bridge name=vlan20 vlan-id=20
20add comment=VPN interface=bridge name=vlan50 vlan-id=50
# Interface lists referenced by the firewall, MAC server and discovery settings; members are assigned under /interface list member.
21/interface list
22add comment=defconf name=WAN
23add comment=defconf name=LAN
# Default security profile: only the supplicant identity is set.
24/interface wireless security-profiles
25set [ find default=yes ] supplicant-identity=MikroTik
# Profile "DeusEx": WPA2-PSK with dynamic keys. Both unicast and group cipher lists offer TKIP next to AES-CCM, and
# management frame protection is optional (allowed), not required.
# NOTE(review): WPA2 clients need only aes-ccm; keeping tkip in the lists leaves the weaker cipher negotiable.
# The pre-shared key does not appear in this export (presumably omitted as a sensitive value).
26add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=DeusEx supplicant-identity="" unicast-ciphers=tkip,aes-ccm
# wlan1: main 2.4 GHz access point, SSID DeusEx, WPS disabled, transmit power fixed at 30 for all rates
# with frequency-mode=manual-txpower.
27/interface wireless
28set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=russia disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge \
29 security-profile=DeusEx ssid=DeusEx tx-power=30 tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
# wlan2: virtual AP on wlan1, SSID "Service", client traffic tagged into VLAN 20 (labelled Management in /interface vlan).
# NOTE(review): it reuses the DeusEx security profile, so the passphrase of the main SSID also admits clients to the
# management VLAN; a separate profile and key for this SSID would keep the two apart.
30add disabled=no mac-address=66:D1:54:B0:94:EC master-interface=wlan1 name=wlan2 security-profile=DeusEx ssid=Service vlan-id=20 vlan-mode=use-tag wps-mode=disabled
# One address pool per segment, each covering .2-.254 of its /24 (.1 is the router address, see /ip address).
# Pool Vlan50 is also used by the PPP profile "VPN" for tunnel addresses.
31/ip pool
32add name=Vlan1 ranges=192.168.1.2-192.168.1.254
33add name=Vlan10 ranges=192.168.10.2-192.168.10.254
34add name=Vlan11 ranges=192.168.11.2-192.168.11.254
35add name=Vlan12 ranges=192.168.12.2-192.168.12.254
36add name=Vlan13 ranges=192.168.13.2-192.168.13.254
37add name=Vlan14 ranges=192.168.14.2-192.168.14.254
38add name=Vlan15 ranges=192.168.15.2-192.168.15.254
39add name=Vlan16 ranges=192.168.16.2-192.168.16.254
40add name=Vlan20 ranges=192.168.20.2-192.168.20.254
41add name=Vlan50 ranges=192.168.50.2-192.168.50.254
# One DHCP server per segment with a 12-hour lease; server "vlan1" runs on the bridge itself (untagged LAN),
# the others on their VLAN sub-interfaces.
42/ip dhcp-server
43add address-pool=Vlan1 disabled=no interface=bridge lease-time=12h name=vlan1
44add address-pool=Vlan10 disabled=no interface=vlan10 lease-time=12h name=vlan10
45add address-pool=Vlan11 disabled=no interface=vlan11 lease-time=12h name=vlan11
46add address-pool=Vlan12 disabled=no interface=vlan12 lease-time=12h name=vlan12
47add address-pool=Vlan13 disabled=no interface=vlan13 lease-time=12h name=vlan13
48add address-pool=Vlan14 disabled=no interface=vlan14 lease-time=12h name=vlan14
49add address-pool=Vlan15 disabled=no interface=vlan15 lease-time=12h name=vlan15
50add address-pool=Vlan16 disabled=no interface=vlan16 lease-time=12h name=vlan16
51add address-pool=Vlan20 disabled=no interface=vlan20 lease-time=12h name=vlan20
52add address-pool=Vlan50 disabled=no interface=vlan50 lease-time=12h name=vlan50
# PPP profile "VPN": local and remote tunnel addresses are both drawn from pool Vlan50. It is the default profile of
# the L2TP, OpenVPN and PPTP servers and is also used by the two outgoing clients below.
53/ppp profile
54add local-address=Vlan50 name=VPN remote-address=Vlan50
# Outgoing L2TP tunnel, MS-CHAPv2 only, with use-ipsec=yes.
# NOTE(review): the IPsec secret and the PPP password are not shown in this export (presumably omitted as sensitive values).
55/interface l2tp-client
56add allow=mschap2 connect-to=95.78.164.203 name=L2TP-MegaService profile=VPN use-ipsec=yes user=DeusEx
# Outgoing PPTP tunnel to the same peer with the same user name.
# NOTE(review): PPTP depends on MS-CHAPv2 and MPPE alone; since an L2TP tunnel to the same host already exists, the
# PPTP client is the weaker of two parallel paths - confirm whether it is still needed.
57/interface pptp-client
58add allow=mschap2 connect-to=95.78.164.203 name=PPTP-MegaService profile=VPN user=DeusEx
# Bridge members: ether2-ether5 and both wireless interfaces, all with auto-isolate=yes. Only ether4 carries a
# non-default pvid (10).
# NOTE(review): ether4 has pvid=10 here but is listed as untagged for VLAN 20 in /interface bridge vlan; ingress and
# egress VLAN for untagged frames on that port do not match - confirm which is intended.
59/interface bridge port
60add auto-isolate=yes bridge=bridge comment=defconf interface=ether2
61add auto-isolate=yes bridge=bridge comment=defconf interface=ether3
62add auto-isolate=yes bridge=bridge comment=defconf interface=ether4 pvid=10
63add auto-isolate=yes bridge=bridge comment=defconf interface=ether5
64add auto-isolate=yes bridge=bridge comment=defconf interface=wlan1
65add auto-isolate=yes bridge=bridge interface=wlan2
# Neighbor discovery is enabled on the WAN interface list.
# NOTE(review): this makes the router announce itself on the ISP-facing side. Hardened setups usually point this
# at the LAN list (or disable it) so that device identity and version are not advertised upstream.
66/ip neighbor discovery-settings
67set discover-interface-list=WAN
# Bridge VLAN table: VLANs 10-12 are tagged on the bridge itself (CPU port) and on trunk ports ether2/ether3.
# NOTE(review): the first entry has an empty vlan-ids value, so it is unclear which VLAN it applies to - verify on the
# device. The table is enforced only when vlan-filtering is enabled on the bridge, which this export does not show.
68/interface bridge vlan
69add bridge=bridge untagged=bridge vlan-ids=""
70add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=10
71add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=11
72add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=12
73
74Александр Ковалевич, [04.01.20 23:30]
# Continuation of the /interface bridge vlan table: VLANs 13-16 tagged on bridge/ether2/ether3; VLAN 20 (Management)
# additionally leaves ether4 untagged.
75add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=13
76add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=14
77add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=15
78add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=16
79add bridge=bridge tagged=bridge,ether2,ether3 untagged=ether4 vlan-ids=20
# NOTE(review): this entry names wlan2 as the bridge, but wlan2 is a virtual AP and a port of "bridge", not a bridge
# itself; the entry presumably has no effect as written - confirm and remove or correct it.
80add bridge=wlan2 tagged=wlan2,vlan20,ether4 vlan-ids=20
# Detect-internet works on the LAN and WAN interface lists.
81/interface detect-internet
82set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
# L2TP server: enabled, MS-CHAPv2 only, default profile VPN.
# NOTE(review): use-ipsec=yes accepts IPsec-protected and plain L2TP sessions alike; use-ipsec=required rejects
# clients that connect without IPsec. The IPsec secret is not shown in this export.
83/interface l2tp-server server
84set authentication=mschap2 default-profile=VPN enabled=yes use-ipsec=yes
# Interface list membership: the bridge and every VLAN sub-interface (including Management and VPN) are in LAN;
# only ether1 is in WAN. Every rule scoped to "LAN" (input firewall, MAC server, MAC WinBox) therefore treats all
# segments alike.
85/interface list member
86add comment=defconf interface=bridge list=LAN
87add comment=defconf interface=ether1 list=WAN
88add interface=vlan10 list=LAN
89add interface=vlan11 list=LAN
90add interface=vlan12 list=LAN
91add interface=vlan13 list=LAN
92add interface=vlan14 list=LAN
93add interface=vlan15 list=LAN
94add interface=vlan16 list=LAN
95add interface=vlan20 list=LAN
96add interface=vlan50 list=LAN
# OpenVPN server: enabled with server certificate SRV, HMAC SHA1, and a cipher list that still offers blowfish128.
# NOTE(review): removing blowfish128 from the list leaves only AES; client-certificate verification is not shown
# in this export, so check whether it is required on the device.
97/interface ovpn-server server
98set auth=sha1 certificate=SRV cipher=blowfish128,aes128,aes192,aes256 default-profile=VPN enabled=yes
# PPTP server: enabled, MS-CHAPv2 only.
# NOTE(review): PPTP is the weakest of the three VPN services enabled here and accepts the same user as the others;
# disabling it removes that path without affecting L2TP/IPsec or OpenVPN.
99/interface pptp-server server
100set authentication=mschap2 default-profile=VPN enabled=yes
# Router addresses: .1 in each /24, one per segment (bridge = untagged LAN, vlan10..vlan50 = tagged segments).
101/ip address
102add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
103add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
104add address=192.168.11.1/24 interface=vlan11 network=192.168.11.0
105add address=192.168.12.1/24 interface=vlan12 network=192.168.12.0
106add address=192.168.13.1/24 interface=vlan13 network=192.168.13.0
107add address=192.168.14.1/24 interface=vlan14 network=192.168.14.0
108add address=192.168.15.1/24 interface=vlan15 network=192.168.15.0
109add address=192.168.16.1/24 interface=vlan16 network=192.168.16.0
110add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
111add address=192.168.50.1/24 comment=VPN interface=vlan50 network=192.168.50.0
# The WAN address is obtained by DHCP on ether1.
112/ip dhcp-client
113add comment=defconf disabled=no interface=ether1
# Static DHCP leases: each entry pins a MAC address to a fixed IP on the named DHCP server; the comment identifies
# the host. Several firewall/NAT rules and static DNS records in this export refer to these addresses
# (e.g. 192.168.11.2, 192.168.12.2, 192.168.13.2-5), so changing a lease here changes what those rules point at.
114/ip dhcp-server lease
115add address=192.168.20.3 client-id=1:bc:ae:c5:3:dc:fe comment=KVM mac-address=BC:AE:C5:03:DC:FE server=vlan20
116add address=192.168.1.4 client-id=1:80:fa:5b:e:c5:e4 comment="NoteBook Lan" mac-address=80:FA:5B:0E:C5:E4 server=vlan1
117add address=192.168.1.3 client-id=1:a8:9c:ed:3b:7f:3 comment="DeusEx Phone" mac-address=A8:9C:ED:3B:7F:03 server=vlan1
118add address=192.168.14.2 client-id=1:2c:7:3c:0:1b:eb comment=Registrator mac-address=2C:07:3C:00:1B:EB server=vlan14
119add address=192.168.14.3 client-id=1:9c:14:63:c9:64:e1 comment=Camera1 mac-address=9C:14:63:C9:64:E1 server=vlan14
120add address=192.168.10.2 client-id=1:0:24:8c:e:e1:c8 comment="ESXi 1" mac-address=00:24:8C:0E:E1:C8 server=vlan10
121add address=192.168.20.2 client-id=cisco-58bf.ea91.60c1-Vl20 comment=Switch mac-address=58:BF:EA:91:60:C1 server=vlan20
122add address=192.168.20.4 client-id=1:0:c:29:b2:5c:10 comment=VCSA mac-address=00:0C:29:B2:5C:10 server=vlan20
123add address=192.168.11.5 comment=A510-IP mac-address=7C:2F:80:5F:E2:18 server=vlan11
124add address=192.168.11.3 client-id=1:38:3f:10:0:bd:cc comment=Goip-4 mac-address=38:3F:10:00:BD:CC server=vlan11
125add address=192.168.11.4 client-id=1:0:15:65:3f:52:e comment=SIP-T26P mac-address=00:15:65:3F:52:0E server=vlan11
126add address=192.168.13.2 client-id=1:0:50:56:8d:d0:8f comment=DC mac-address=00:50:56:8D:D0:8F server=vlan13
127add address=192.168.13.3 client-id=1:0:50:56:8d:e2:8b comment=SQL mac-address=00:50:56:8D:E2:8B server=vlan13
128add address=192.168.13.4 client-id=1:0:50:56:8d:fb:c2 comment=FS mac-address=00:50:56:8D:FB:C2 server=vlan13
129add address=192.168.20.5 client-id=1:0:c0:b7:96:51:f7 comment=APC mac-address=00:C0:B7:96:51:F7 server=vlan20
130add address=192.168.13.5 client-id=1:0:50:56:9c:7:50 comment=1C mac-address=00:50:56:9C:07:50 server=vlan13
131add address=192.168.20.6 comment=PCNS mac-address=00:50:56:9C:7B:9F server=vlan20
132add address=192.168.12.2 comment=Site mac-address=00:50:56:9C:01:A4 server=vlan12
133add address=192.168.1.254 client-id=1:88:5a:92:a7:6c:a5 comment=AccessPoint mac-address=88:5A:92:A7:6C:A5 server=vlan1
134
135Александр Ковалевич, [04.01.20 23:30]
# NOTE(review): this chunk sits between two runs of /ip dhcp-server lease entries; the paste appears to have been
# assembled from separate chat messages out of export order. The "add address=... server=..." lines that follow it
# belong to /ip dhcp-server lease, not to /tool romon - do not import the text in this order.
136/system identity
137set name="DeusEx Home"
# MAC Telnet and MAC WinBox are allowed on the LAN interface list, which in this export contains every VLAN
# (Wi-Fi, Video, Voice, ...), not only Management.
# NOTE(review): a dedicated list holding only the management interface would narrow layer-2 admin access.
138/tool mac-server
139set allowed-interface-list=LAN
140/tool mac-server mac-winbox
141set allowed-interface-list=LAN
# RoMON is enabled.
# NOTE(review): no RoMON secret or per-port restriction appears in this export (it may be omitted as sensitive or
# simply unset) - confirm a secret is configured, or disable RoMON if it is not in use.
142/tool romon
143set enabled=yes
144
145Александр Ковалевич, [04.01.20 23:30]
# Two further static leases; these continue the /ip dhcp-server lease section (see their server= fields).
146add address=192.168.1.5 client-id=1:ec:5c:68:7b:7a:85 comment=TV mac-address=EC:5C:68:7B:7A:85 server=vlan1
147add address=192.168.11.2 comment=SIP mac-address=00:50:56:2E:A6:BD server=vlan11
# Per-subnet DHCP options. Only 192.168.13.0/24 hands out its own DNS/WINS servers and a domain name; the other
# networks set just the gateway.
# NOTE(review): dhcp-option=*1 on 192.168.11.0/24 is an internal ID, not a name; this usually means the referenced
# option no longer exists - confirm and re-create or remove the reference.
148/ip dhcp-server network
149add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1
150add address=192.168.10.0/24 gateway=192.168.10.1
151add address=192.168.11.0/24 dhcp-option=*1 gateway=192.168.11.1 netmask=24
152add address=192.168.12.0/24 gateway=192.168.12.1 netmask=24
153add address=192.168.13.0/24 dns-server=192.168.13.2,192.168.13.1 domain=office.it-sis.ru gateway=192.168.13.1 netmask=24 wins-server=192.168.13.2
154add address=192.168.14.0/24 gateway=192.168.14.1
155add address=192.168.15.0/24 gateway=192.168.15.1
156add address=192.168.16.0/24 gateway=192.168.16.1
157add address=192.168.20.0/24 gateway=192.168.20.1
158add address=192.168.50.0/24 gateway=192.168.50.1
# The router answers DNS queries from other hosts (allow-remote-requests=yes) with a 20480 KiB cache.
# NOTE(review): nothing in this section limits who may query; exposure to the Internet is prevented only by the
# input-chain rule "drop all not coming from LAN" and by the WAN port-53 accept rules staying disabled.
159/ip dns
160set allow-remote-requests=yes cache-size=20480KiB
# Static A records for the router and for internal servers; addresses match the static DHCP leases.
161/ip dns static
162add address=192.168.1.1 comment=defconf name=router.lan
163add address=192.168.20.4 name=vcsa.office.it-sis.ru
164add address=192.168.10.2 name=esxi.office.it-sis.ru
165add address=192.168.13.2 name=dc.office.it-sis.ru
166add address=192.168.13.3 name=sql.office.it-sis.ru
167add address=192.168.13.4 name=fs.office.it-sis.ru
168add address=192.168.13.5 name=1c.office.it-sis.ru
# Filter rules are evaluated top to bottom per chain; the order below is significant.
169/ip firewall filter
170add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
171add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
# Forward-chain drops for sources from WAN that are on the BlackList / SIP_blacklist address lists.
# NOTE(review): a fasttrack rule appears later in the forward chain; flows already fasttracked when a source is
# added to a list may keep passing until the connection ends - verify if immediate cut-off matters.
172add action=drop chain=forward comment="Drop BlackList" in-interface-list=WAN src-address-list=BlackList
173add action=drop chain=forward comment="drop SIP brute forcers" in-interface-list=WAN src-address-list=SIP_blacklist
# Staged detection for the SIP host 192.168.11.2: every new UDP connection from WAN promotes the source one stage
# (stage1 -> stage2 -> stage3 -> SIP_blacklist). Stages expire after 1h; the blacklist entry is dynamic with no
# timeout. The rules are written last-stage-first so a single packet advances a source by one stage only.
# NOTE(review): no dst-port is matched, so any UDP to that host counts, and no enabled dst-nat rule in this export
# forwards UDP to 192.168.11.2 - confirm these rules still see the traffic they were written for.
174add action=add-src-to-address-list address-list=SIP_blacklist address-list-timeout=none-dynamic chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp \
175 src-address-list=SIP_stage3
176add action=add-src-to-address-list address-list=SIP_stage3 address-list-timeout=1h chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp src-address-list=\
177 SIP_stage2
178add action=add-src-to-address-list address-list=SIP_stage2 address-list-timeout=1h chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp src-address-list=\
179 SIP_stage1
180add action=add-src-to-address-list address-list=SIP_stage1 address-list-timeout=1h chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp src-address=0.0.0.0/0
# Staged detection for SSH on the input chain (ports 22 and 9999), stages expiring after 1 minute.
# NOTE(review): port 9999 is dst-nat'ed to 192.168.11.2:22 in /ip firewall nat, so that traffic traverses the
# forward chain with destination port 22 and is never seen by these input rules or by the SSH_blacklist drop.
# Equivalent rules in chain=forward (dst-address=192.168.11.2 dst-port=22) would be needed to cover the forwarded host.
181add action=drop chain=input comment="drop ssh brute forcers" in-interface-list=WAN protocol=tcp src-address-list=SSH_blacklist
182add action=add-src-to-address-list address-list=SSH_blacklist address-list-timeout=none-dynamic chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp src-address-list=\
183 SSH_stage3
184add action=add-src-to-address-list address-list=SSH_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp src-address-list=SSH_stage2
185add action=add-src-to-address-list address-list=SSH_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp src-address-list=SSH_stage1
186add action=add-src-to-address-list address-list=SSH_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp
187add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
188add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# VPN services accepted on the router from any interface: PPTP (TCP 1723 + GRE), L2TP/IPsec (UDP 1701/500/4500 + ESP),
# OpenVPN (TCP 1194). These are the only router services reachable from WAN, because they precede the
# "drop all not coming from LAN" rule.
# NOTE(review): the L2TP rule uses port= (matches source or destination port); dst-port= is the narrower match.
# UDP 1701 is also open without an ipsec-policy match, which fits the server's use-ipsec=yes accepting plain L2TP.
189add action=accept chain=input comment=PPTP dst-port=1723 protocol=tcp
190add action=accept chain=input protocol=gre
191add action=accept chain=input comment=L2TP port=1701,500,4500 protocol=udp
192add action=accept chain=input protocol=ipsec-esp
193add action=accept chain=input comment=OVPN dst-port=1194 protocol=tcp
# NOTE(review): this forward accept has no interface or address match, so it admits TCP 9786 between any two
# networks; matching in-interface-list=WAN and the dst-nat target would limit it to the published service.
194add action=accept chain=forward comment=DevLine dst-port=9786 protocol=tcp
195
196Александр Ковалевич, [04.01.20 23:30]
# Continuation of /ip firewall filter. Final input rule: everything not arriving on a LAN-list interface is dropped.
# This is what keeps the DNS resolver, WinBox, www and SSH unreachable from WAN; only the accepts placed before it
# (ICMP, VPN ports) are exposed.
197add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# Default forward policy: IPsec-policy traffic accepted, established/related fasttracked and accepted, invalid
# dropped, and new connections from WAN dropped unless they were dst-nat'ed.
# NOTE(review): no enabled rule restricts forwarding between the internal VLANs; the forward chain filters only
# WAN-originated traffic, so the segments (Wi-Fi, Video, Voice, 1C, Management) can reach each other at layer 3.
# If the VLANs are meant to isolate those networks, explicit inter-VLAN drop rules are needed.
198add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
199add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
200add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
201add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
202add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
203add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Disabled input accepts for ether1, TCP then UDP. None is active (disabled=yes). They also sit after the
# "drop all not coming from LAN" rule, so enabling one in place would presumably still not match WAN traffic.
# NOTE(review): if enabled and moved up, these would expose router-local ports to the Internet (53 would make the
# router an open resolver, given allow-remote-requests=yes). Removing unused disabled rules avoids accidental
# re-enabling.
204add action=accept chain=input comment="Accept port`s WAN TCP" disabled=yes dst-port=53 in-interface=ether1 protocol=tcp
205add action=accept chain=input disabled=yes dst-port=80 in-interface=ether1 protocol=tcp
206add action=accept chain=input disabled=yes dst-port=443 in-interface=ether1 protocol=tcp
207add action=accept chain=input disabled=yes dst-port=873 in-interface=ether1 protocol=tcp
208add action=accept chain=input disabled=yes dst-port=2221 in-interface=ether1 protocol=tcp
209add action=accept chain=input disabled=yes dst-port=8887 in-interface=ether1 protocol=tcp
210add action=accept chain=input disabled=yes dst-port=8888 in-interface=ether1 protocol=tcp
211add action=accept chain=input disabled=yes dst-port=9090 in-interface=ether1 protocol=tcp
212add action=accept chain=input disabled=yes dst-port=9998 in-interface=ether1 protocol=tcp
213add action=accept chain=input disabled=yes dst-port=9999 in-interface=ether1 protocol=tcp
214add action=accept chain=input disabled=yes dst-port=50000 in-interface=ether1 protocol=tcp
215add action=accept chain=input disabled=yes dst-port=50001 in-interface=ether1 protocol=tcp
216add action=accept chain=input comment="Accept port`s WAN UDP" disabled=yes dst-port=53 in-interface=ether1 protocol=udp
217add action=accept chain=input disabled=yes dst-port=80 in-interface=ether1 protocol=udp
218add action=accept chain=input disabled=yes dst-port=443 in-interface=ether1 protocol=udp
219add action=accept chain=input disabled=yes dst-port=873 in-interface=ether1 protocol=udp
220add action=accept chain=input disabled=yes dst-port=2221 in-interface=ether1 protocol=udp
221add action=accept chain=input disabled=yes dst-port=8887 in-interface=ether1 protocol=udp
222add action=accept chain=input disabled=yes dst-port=8888 in-interface=ether1 protocol=udp
223add action=accept chain=input disabled=yes dst-port=9999 in-interface=ether1 protocol=udp
224add action=accept chain=input disabled=yes dst-port=50000 in-interface=ether1 protocol=udp
225add action=accept chain=input disabled=yes dst-port=50001 in-interface=ether1 protocol=udp
226add action=accept chain=input disabled=yes dst-port=5004-5082,10000-20000 in-interface=ether1 protocol=udp
# Disabled forward accepts for ether1 (TCP). They follow the forward-chain drop for non-dst-nat'ed WAN traffic,
# and dst-nat'ed connections already pass that drop, so they appear redundant as well as inactive.
227add action=accept chain=forward comment="Accept port`s WAN TCP" disabled=yes dst-port=53 in-interface=ether1 protocol=tcp
228add action=accept chain=forward disabled=yes dst-port=80 in-interface=ether1 protocol=tcp
229add action=accept chain=forward disabled=yes dst-port=443 in-interface=ether1 protocol=tcp
230add action=accept chain=forward disabled=yes dst-port=873 in-interface=ether1 protocol=tcp
231add action=accept chain=forward disabled=yes dst-port=2221 in-interface=ether1 protocol=tcp
232add action=accept chain=forward disabled=yes dst-port=8887 in-interface=ether1 protocol=tcp
233add action=accept chain=forward disabled=yes dst-port=8888 in-interface=ether1 protocol=tcp
234add action=accept chain=forward disabled=yes dst-port=9090 in-interface=ether1 protocol=tcp
235add action=accept chain=forward disabled=yes dst-port=9998 in-interface=ether1 protocol=tcp
236add action=accept chain=forward disabled=yes dst-port=9999 in-interface=ether1 protocol=tcp
237add action=accept chain=forward disabled=yes dst-port=50000 in-interface=ether1 protocol=tcp
238add action=accept chain=forward disabled=yes dst-port=50001 in-interface=ether1 protocol=tcp
239
240Александр Ковалевич, [04.01.20 23:30]
# Continuation of /ip firewall filter: disabled forward accepts for UDP on ether1. All are inactive (disabled=yes).
# NOTE(review): the last rule (RTP-style port ranges) has no in-interface match, unlike the others; if it were
# enabled it would apply to forwarded UDP in every direction.
241add action=accept chain=forward comment="Accept port`s WAN UDP" disabled=yes dst-port=53 in-interface=ether1 protocol=udp
242add action=accept chain=forward disabled=yes dst-port=80 in-interface=ether1 protocol=udp
243add action=accept chain=forward disabled=yes dst-port=443 in-interface=ether1 protocol=udp
244add action=accept chain=forward disabled=yes dst-port=873 in-interface=ether1 protocol=udp
245add action=accept chain=forward disabled=yes dst-port=2221 in-interface=ether1 protocol=udp
246add action=accept chain=forward disabled=yes dst-port=8000 in-interface=ether1 protocol=udp
247add action=accept chain=forward disabled=yes dst-port=8887 in-interface=ether1 protocol=udp
248add action=accept chain=forward disabled=yes dst-port=8888 in-interface=ether1 protocol=udp
249add action=accept chain=forward disabled=yes dst-port=9999 in-interface=ether1 protocol=udp
250add action=accept chain=forward disabled=yes dst-port=50000 in-interface=ether1 protocol=udp
251add action=accept chain=forward disabled=yes dst-port=50001 in-interface=ether1 protocol=udp
252add action=accept chain=forward disabled=yes dst-port=5004-5082,10000-20000 protocol=udp
# NAT. 55.55.55.55 appears to stand in for the public address (presumably substituted before publishing).
# The WAN address is assigned by DHCP, while every dst-nat rule matches a literal dst-address; the rules stop
# matching if the address changes.
253/ip firewall nat
254add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# Published services (dst-nat), all open to any source address:
#   TCP 80, 443, 9786 -> 192.168.12.2 (Site)       TCP 9090  -> 192.168.13.5 (1C)
#   TCP 53            -> 192.168.13.2 (DC)         TCP 2221  -> 192.168.13.4 (FS)
#   TCP 50001         -> 192.168.13.5:3389 (RDP)   TCP 9999  -> 192.168.11.2:22 (SSH)
#   TCP 873           -> 192.168.13.4:873 (rsync)
# NOTE(review): RDP, SSH, rsync and the domain controller's DNS are reachable from the whole Internet. A non-standard
# external port does not limit who can connect. Restricting these rules with a src-address-list, or reaching the
# hosts through the VPN, would remove them from general exposure. None of the rules has in-interface-list=WAN;
# they rely on dst-address alone.
255add action=dst-nat chain=dstnat comment=Site dst-address=55.55.55.55 dst-port=80 protocol=tcp to-addresses=192.168.12.2
256add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=443 protocol=tcp to-addresses=192.168.12.2
257add action=dst-nat chain=dstnat comment=DevLine dst-address=55.55.55.55 dst-port=9786 protocol=tcp to-addresses=192.168.12.2
# NOTE(review): this masquerade has no address or interface match, so every TCP connection to port 9090 that
# crosses the router is source-NAT'ed; the 1C server then logs the router's address instead of the real client's,
# which hampers auditing. The other hairpin rules below are scoped to src-address=192.168.13.0/24.
258add action=masquerade chain=srcnat comment="Client 1C" dst-port=9090 protocol=tcp
259add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=9090 protocol=tcp to-addresses=192.168.13.5
260add action=dst-nat chain=dstnat comment="DNS for DC" dst-address=55.55.55.55 dst-port=53 protocol=tcp to-addresses=192.168.13.2
# Hairpin NAT pairs: a masquerade for 192.168.13.0/24 clients that use the public address, followed by the dst-nat.
261add action=masquerade chain=srcnat comment="Eset Rules" dst-address=55.55.55.55 dst-port=2221 protocol=tcp src-address=192.168.13.0/24
262add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=2221 protocol=tcp to-addresses=192.168.13.4
263add action=masquerade chain=srcnat comment="RDP ELENA" dst-address=55.55.55.55 dst-port=50001 protocol=tcp src-address=192.168.13.0/24
264add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=50001 protocol=tcp to-addresses=192.168.13.5 to-ports=3389
# NOTE(review): the staged SSH detection in /ip firewall filter is on chain=input and does not see this forwarded
# connection, so the published SSH port has no brute-force limiting in this export.
265add action=dst-nat chain=dstnat comment="SSH to 192.168.11.2 > 22" dst-address=55.55.55.55 dst-port=9999 protocol=tcp to-addresses=192.168.11.2 to-ports=22
266add action=masquerade chain=srcnat comment=Rsync dst-address=55.55.55.55 dst-port=873 protocol=tcp src-address=192.168.13.0/24
267add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=873 protocol=tcp to-addresses=192.168.13.4 to-ports=873
# Disabled hairpin masquerades for 192.168.1.0/24 (all disabled=yes, inactive).
268add action=masquerade chain=srcnat comment="Loop To Local TCP" disabled=yes dst-address=55.55.55.55 dst-port=53 protocol=tcp src-address=192.168.1.0/24
269add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=80 protocol=tcp src-address=192.168.1.0/24
270add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=443 protocol=tcp src-address=192.168.1.0/24
271add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=8000 protocol=tcp src-address=192.168.1.0/24
272add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9090 protocol=tcp src-address=192.168.1.0/24
273add action=masquerade chain=srcnat comment=DevLine disabled=yes dst-address=55.55.55.55 dst-port=9786 protocol=tcp src-address=192.168.1.0/24
274add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9999 protocol=tcp src-address=192.168.1.0/24
275add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=tcp src-address=192.168.1.0/24
276add action=masquerade chain=srcnat comment="Loop To Local UDP" disabled=yes dst-address=55.55.55.55 dst-port=53 protocol=udp src-address=192.168.1.0/24
277
278Александр Ковалевич, [04.01.20 23:30]
# Continuation of /ip firewall nat: further disabled hairpin masquerades (UDP) for 192.168.1.0/24.
279add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=80 protocol=udp src-address=192.168.1.0/24
280add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=443 protocol=udp src-address=192.168.1.0/24
281add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=873 protocol=udp src-address=192.168.1.0/24
282add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=2221 protocol=udp src-address=192.168.1.0/24
283add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9998 protocol=udp src-address=192.168.1.0/24
284add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9999 protocol=udp src-address=192.168.1.0/24
285add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=udp src-address=192.168.1.0/24
286add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=50001 protocol=udp src-address=192.168.1.0/24
287add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=5004-5082,10000-20000 protocol=udp src-address=192.168.1.0/24
# Disabled dst-nat rules (all disabled=yes). Their targets are in 192.168.1.0/24, 192.168.2.2 and 192.168.100.10;
# the last two are not in any subnet configured in this export, so these look like leftovers from an earlier
# addressing plan.
# NOTE(review): several would publish remote-access services (5900, RDP 3389, SSH 22) if re-enabled; deleting stale
# rules is safer than keeping them disabled.
288add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=5900 protocol=tcp to-addresses=192.168.100.10
289add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=8000 protocol=tcp to-addresses=192.168.1.220
290add action=dst-nat chain=dstnat comment="UAH RDP" disabled=yes dst-address=55.55.55.55 dst-port=5000 protocol=tcp to-addresses=192.168.2.2 to-ports=3389
291add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=9999 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.100 to-ports=22
292add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=9998 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.154 to-ports=22
293add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=tcp to-addresses=192.168.1.150 to-ports=3389
294add action=dst-nat chain=dstnat comment="DST-NAT UDP" disabled=yes dst-address=55.55.55.55 dst-port=53 protocol=udp to-addresses=192.168.1.150
295add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=80 protocol=udp to-addresses=192.168.1.154
296add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=443 protocol=udp to-addresses=192.168.1.154
297add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=873 protocol=udp to-addresses=192.168.1.152 to-ports=873
298add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=2221 protocol=udp to-addresses=192.168.1.152
299add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=5060 protocol=udp to-addresses=192.168.1.100
300add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=udp to-addresses=192.168.1.150 to-ports=3389
301add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=50001 protocol=udp to-addresses=192.168.1.153 to-ports=3389
302add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=5004-5082,10000-20000 protocol=udp to-addresses=192.168.1.100
# Connection-tracking helpers: all listed helpers are disabled except SIP, which stays on with a 10-minute timeout.
303/ip firewall service-port
304set ftp disabled=yes
305set tftp disabled=yes
306set irc disabled=yes
307set h323 disabled=yes
308set sip sip-timeout=10m
309set udplite disabled=yes
310set dccp disabled=yes
311set sctp disabled=yes
# Two equal-distance routes to 192.168.10.0/24, one via each outgoing VPN client.
# NOTE(review): 192.168.10.0/24 is also the locally connected vlan10 subnet (192.168.10.1/24 on vlan10), so the
# connected route presumably takes precedence and these two routes are never used - confirm the intended remote prefix.
312/ip route
313add distance=100 dst-address=192.168.10.0/24 gateway=PPTP-MegaService
314add distance=100 dst-address=192.168.10.0/24 gateway=L2TP-MegaService
# Disabled routing rules that would have blocked traffic between 192.168.1.0/24 and 192.168.10.0/24.
315/ip route rule
316add action=unreachable disabled=yes dst-address=192.168.10.0/24 src-address=192.168.1.0/24
317add action=unreachable disabled=yes dst-address=192.168.1.0/24 src-address=192.168.10.0/24
# Management services: telnet, ftp, api and api-ssl are off. SSH is limited to the Management subnet
# (192.168.20.0/24); www and winbox are additionally allowed from 192.168.1.0/24.
# NOTE(review): www is plain HTTP, so admin credentials cross 192.168.1.0/24 (which includes the main Wi-Fi)
# unencrypted; limiting www to 192.168.20.0/24 like SSH, or disabling it in favour of WinBox/SSH, would close that.
318/ip service
319set telnet disabled=yes
320set ftp disabled=yes
321set www address=192.168.20.0/24,192.168.1.0/24
322set ssh address=192.168.20.0/24
323set api disabled=yes
324set winbox address=192.168.20.0/24,192.168.1.0/24
325set api-ssl disabled=yes
# Only the SMB domain name is set here; whether the SMB service is enabled is not shown in this export.
326/ip smb
327set domain=WORKGROUP
# Single PPP account on profile VPN; the password is not present in this export.
# NOTE(review): no service= restriction is set, so the account is presumably valid for every PPP service
# (L2TP, OpenVPN and PPTP servers are all enabled) - restrict it to the service actually used.
328/ppp secret
329add name=DeusEx profile=VPN
330/system clock
331set time-zone-name=Asia/Yekaterinburg
331set time-zone-name=Asia/Yekaterinburg