File: /home/posscale/public_html/aastra/BACKUP-POS_Scales-2021jul29-212043.rsc
# jul/29/2021 21:20:44 by RouterOS 6.48
# software id = IV33-Y7WA
#
# model = RouterBOARD 750 r2
# serial number = 67D4074D4CDC
/interface ethernet
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    "Port 2 Phone system"
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    "Port4 Office PC Network"
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    "Test Bench Port 3"
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    "ether1 TPG Internet"
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
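# SECURITY(review): this export was written with sensitive values included, so
# every VPN secret in this section was readable by anyone who could fetch the
# file. The values are replaced with labelled placeholders here; the originals
# must be treated as compromised and rotated on both ends of each tunnel.
# In the original export the IPsec pre-shared key and the L2TP account password
# were near-identical, and the PPTP and OpenVPN entries shared one password, so
# one leaked value exposes several services. Use unrelated secrets per tunnel.
/interface l2tp-client
add connect-to=3.106.179.83 disabled=no ipsec-secret="<REDACTED-IPSEC-PSK>" \
    name=MT-Management-VPN password="<REDACTED-L2TP-PASSWORD>" use-ipsec=yes \
    user=posscales
# PPTP authenticates with MS-CHAPv2 and encrypts with MPPE, both long considered
# broken; the OpenVPN profile below is the safer transport for the same
# provider account.
/interface pptp-client
add connect-to=us355.nordvpn.com mrru=1600 name=NordVPN-out1-out1 password=\
    "<REDACTED-VPN-PASSWORD>" user=jloeken@posscales.com.au
/interface vlan
add interface="ether1 TPG Internet" name=vlan100 vlan-id=100
/interface ovpn-client
add certificate=us708.nordvpn.com.tcp443.ovpn_0 connect-to=104.152.46.84 \
    disabled=yes mac-address=02:B8:6A:2A:14:63 name=NOrd-OVPN-out1 password=\
    "<REDACTED-VPN-PASSWORD>" port=443 user=jloeken@posscales.com.au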
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity="POS Scales"
add authentication-types=wpa-eap eap-methods=eap-tls management-protection=\
    allowed mode=dynamic-keys name=profile1 radius-eap-accounting=yes \
    radius-mac-accounting=yes radius-mac-authentication=yes \
    supplicant-identity=""
/ip dhcp-server
add authoritative=after-2sec-delay disabled=no interface=\
    "Port 2 Phone system" name=defconf
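# DHCP option 66 values handed to phones for auto-provisioning, plus option 43
# pointing UniFi devices at their controller.
# NOTE(review): the random-looking last path segment of each HTTPS provisioning
# URL looks like a per-tenant provisioning token; if so, it is the only thing
# protecting the phone configuration files (which normally carry SIP
# credentials). The tokens are replaced with placeholders here; regenerate them
# on the PBX side, since this export exposed them.
# The same option is also sent in cleartext to every DHCP client on the scope,
# so keep untrusted devices off the networks that receive it.
/ip dhcp-server option
add code=66 name=66 value=\
    "'https://adept-3cx.voipitup.com.au/provisioning/<REDACTED-TOKEN>'"
add code=66 name="PSS TFTP 66" value="'192.168.0.1'"
add code=66 name="jason PC" value="'192.168.0.20'"
add code=66 name="Mikrotik tftp" value="'192.168.0.254'"
add code=66 name="66 Ready Movers" value=\
    "'https://rm-3cx.voipitup.com.au/provisioning/<REDACTED-TOKEN>'"
add code=66 name=PBX2-3cx value=\
    "'https://pbx2-3cx.voipitup.com.au/provisioning/<REDACTED-TOKEN>'"
add code=43 name=PSS-UniFi-Controller value="'3.105.22.41'"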
/ip kid-control
add name=kid1
/ip pool
add name="DHCP 1" ranges=192.168.1.100-192.168.1.250
add name="DHCP 2" ranges=192.168.2.100-192.168.2.200
add name="DHCP 3" ranges=192.168.3.100-192.168.3.200
add name=dhcp_pool1 ranges=192.168.0.30-192.168.0.99
add name=dhcp_pool5 ranges=192.168.5.50-192.168.5.254
/ip dhcp-server
add address-pool="DHCP 3" authoritative=after-2sec-delay disabled=no \
    interface="Test Bench Port 3" name=server1
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface="Port4 Office PC Network" name=dhcp1
add address-pool=dhcp_pool5 disabled=no interface=ether5 name=dhcp2
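# Second L2TP/IPsec client. No disabled=no is exported for this entry, so it is
# presumably left disabled (verify on the device).
# SECURITY(review): the pre-shared key and password were exported in clear text;
# they are replaced with placeholders here and the originals should be rotated
# even if the tunnel is unused, because the peer may still accept them.
/interface l2tp-client
add connect-to=13.237.137.170 ipsec-secret="<REDACTED-IPSEC-PSK>" name=\
    "Test To AMAZON TLC" password="<REDACTED-L2TP-PASSWORD>" profile=default \
    use-ipsec=yes user=TLC-Manage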
# SECURITY(review): the default SNMP community is accepted from any source
# address (0.0.0.0/0) and SNMP is switched on later in this export. No community
# name is exported, so it is presumably still the factory default - confirm, then
# rename it and restrict addresses= to the monitoring host.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# Longer UDP timeouts than stock; keeps SIP/RTP flows tracked between packets.
/ip firewall connection tracking
set udp-stream-timeout=10m udp-timeout=1m10s
# SECURITY(review): neighbor discovery runs on every interface, which includes
# the WAN VLAN, so the router announces its identity and version upstream. The
# export already defines a LAN-only interface list named "discover" that would
# be the narrower choice here.
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add interface="Port 2 Phone system" list=discover
add interface="Test Bench Port 3" list=discover
add interface="Port4 Office PC Network" list=discover
add interface=ether5 list=discover
add interface=NordVPN-out1-out1 list=discover
add interface=NOrd-OVPN-out1 list=discover
add interface="Port 2 Phone system" list=mactel
add interface="Port 2 Phone system" list=mac-winbox
add interface=vlan100 list=WAN
/ip address
add address=192.168.1.1/24 comment=LAN interface="Port 2 Phone system" \
    network=192.168.1.0
add address=61.69.57.74/30 comment=WAN interface=vlan100 network=61.69.57.72
add address=192.168.3.1/24 interface="Test Bench Port 3" network=192.168.3.0
add address=192.168.0.254/24 comment="Pss office network" interface=\
    "Port4 Office PC Network" network=192.168.0.0
add address=192.168.5.5/24 disabled=yes interface="ether1 TPG Internet" \
    network=192.168.5.0
add address=192.168.20.254/24 interface="Port4 Office PC Network" network=\
    192.168.20.0
add address=192.168.5.2/24 disabled=yes interface="Port4 Office PC Network" \
    network=192.168.5.0
add address=192.168.7.101/24 interface="Port4 Office PC Network" network=\
    192.168.7.0
add address=192.168.5.1/24 disabled=yes interface=ether5 network=192.168.5.0
add address=192.168.2.1/24 comment=LAN interface="Port4 Office PC Network" \
    network=192.168.2.0
add address=192.168.1.99/24 interface="Port4 Office PC Network" network=\
    192.168.1.0
/ip arp
add address=192.168.0.203 interface="Port4 Office PC Network" mac-address=\
    00:0B:82:7B:71:DB
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no comment=defconf interface="Port4 Office PC Network"
/ip dhcp-server lease
add address=192.168.0.54 client-id=1:fc:aa:14:78:b9:37 mac-address=\
    FC:AA:14:78:B9:37 server=dhcp1
add address=192.168.0.41 client-id=1:0:15:65:cb:e2:8a comment=\
    "Ready Movers Phone setup Before Going to Site" dhcp-option=\
    "66 Ready Movers" mac-address=00:15:65:CB:E2:8A server=dhcp1
add address=192.168.0.70 client-id=1:f4:a9:97:8a:9d:43 mac-address=\
    F4:A9:97:8A:9D:43 server=dhcp1
add address=192.168.0.49 client-id=1:b8:27:eb:e:97:f7 mac-address=\
    B8:27:EB:0E:97:F7 server=dhcp1
add address=192.168.0.74 client-id=1:0:15:65:95:c7:e5 dhcp-option=PBX2-3cx \
    mac-address=00:15:65:95:C7:E5 server=dhcp1
add address=192.168.0.203 allow-dual-stack-queue=no always-broadcast=yes \
    client-id=00:0B:82:7B:71:DB dhcp-option="jason PC" mac-address=\
    00:0B:82:7B:71:DB
add address=192.168.0.150 client-id=1:e2:fb:4d:a0:30:b3 mac-address=\
    E2:FB:4D:A0:30:B3 server=dhcp1
add address=192.168.0.77 client-id=1:b8:27:eb:7:4b:8b mac-address=\
    B8:27:EB:07:4B:8B server=dhcp1
add address=192.168.2.69 client-id=1:f4:92:bf:89:da:21 mac-address=\
    F4:92:BF:89:DA:21 server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 dhcp-option="PSS TFTP 66" dns-server=192.168.0.254 \
    gateway=192.168.0.254
add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.2.1,8.8.8.8 gateway=192.168.2.1 \
    netmask=24
add address=192.168.3.0/24 dhcp-option="Mikrotik tftp" dns-server=192.168.3.1 \
    gateway=192.168.3.1 netmask=24
add address=192.168.20.0/24 dns-server=1.1.1.1 gateway=192.168.20.254 \
    netmask=24
# The router answers DNS for clients (allow-remote-requests=yes). That makes it a
# resolver on every interface; the filter table drops TCP/UDP 53 arriving on
# vlan100, and that pair of rules is what keeps it from being an open resolver.
# Keep them above any broader accept rule if the filter table is reordered.
/ip dns
set allow-remote-requests=yes servers=\
    203.8.183.1,1.1.1.1,8.8.8.8,192.189.54.33
/ip dns static
add address=192.168.1.1 name=router
add address=3.105.22.41 name=unifi
/ip firewall address-list
add address=52.62.206.142 list=3cx_PBX
add address=54.79.1.213 list=3cx_PBX
add address=119.18.45.83 list=3cx_PBX
add address=192.168.0.49 disabled=yes list=vpn
add address=192.168.0.38 disabled=yes list=vpn
add address=192.168.0.75 list=vpn
add address=185.222.211.50 list=blacklist
add address=58.107.0.0/16 list=SIP
add address=35.189.35.225 list=SIP
add address=139.99.140.153 list=SIP
add address=139.99.140.152 list=SIP
add address=35.189.44.220 list=SIP
add address=35.189.47.13 list=SIP
add address=82.205.1.238 list=SIP
add address=124.150.0.0/16 list=SIP
add address=208.73.211.69 list=SIP
add address=203.161.160.69 list=SIP
add address=203.161.160.70 list=SIP
add address=203.161.166.71 list=SIP
add address=203.161.160.0/20 list=SIP
add address=223.252.35.13 list=SIP
add address=120.151.55.184 list=SIP
add address=27.111.14.65 list=SIP
add address=203.118.156.197 list=SIP
add address=27.111.14.0/24 list=SIP
add address=110.23.95.16 list=SIP
add address=220.233.0.0/24 list=SIP
add address=202.61.12.230 list=SIP
add address=202.61.13.102 list=SIP
add address=203.161.164.69 list=SIP
add address=61.69.57.74 list=SIP
add address=61.69.5.128/30 list=SIP
add address=61.69.5.130 list=SIP
add address=192.168.1.0/24 list=SIP
add address=172.30.0.0/24 list=SIP
add address=103.77.233.190 comment="VoIP IT UP" list=SIP
add address=35.244.94.36 comment="VoIP IT UP" list=SIP
add address=101.0.113.238 comment="VoIP IT UP" list=SIP
add address=35.197.165.191 comment="VoIP IT UP" list=SIP
add address=103.77.233.107 comment="VoIP IT UP" list=SIP
add address=35.201.30.11 comment="VoIP IT UP" list=SIP
add address=35.197.168.74 comment="VoIP IT UP (FAX RTP)" list=SIP
add address=35.189.26.1 comment="VoIP IT UP" list=SIP
add address=192.168.0.0/24 list=SIP
add address=192.168.20.0/24 list=SIP
add address=13.237.86.40 list=3cx_PBX
add address=3.104.169.66 list=3cx_PBX
add address=52.65.160.212 comment="FMM.3cx test PBX as A softswitch" list=sip
add address=203.63.96.24/29 comment="AAPT BizPhone WEB" disabled=yes list=\
    SIP2
add address=203.185.248.15 comment="AAPT BizPhone sip rtp" disabled=yes list=\
    SIP2
add address=202.92.115.50 comment="AAPT BizPhone sip rtp" disabled=yes list=\
    SIP2
add address=203.63.96.15 comment="AAPT BizPhone sip rtp" disabled=yes list=\
    SIP2
add address=203.185.196.15 comment="AAPT BizPhone sip rtp" disabled=yes list=\
    SIP2
add address=210.87.54.15 comment="AAPT BizPhone sip rtp" disabled=yes list=\
    SIP2
add address=210.9.35.6 comment="AAPT BizPhone sip rtp" disabled=yes list=SIP2
add address=210.9.35.134 comment="AAPT BizPhone sip rtp" disabled=yes list=\
    SIP2
add address=103.26.173.0/24 comment="NETSIP OTW" list=SIP
add address=103.26.174.0/24 comment="NETSIP OTW" list=SIP
add address=103.26.175.0/24 comment="NETSIP OTW" list=SIP
add address=60.240.192.44 comment="Dads new NBN At home" list=SIP
add address=52.65.160.212 list=3cx_PBX
add address=54.206.134.9 list=3cx_PBX
add address=103.26.172.0/24 comment="NETSIP OTW" list=SIP
add address=38.108.185.64 comment=Opendrive disabled=yes list="Labeled only"
add address=52.63.117.16 comment=Supernetics list=3cx_PBX
add address=3.105.22.41 comment="Unifi SERVER" list=SIP2
add address=3.25.15.255 comment="Sandstone World 3cx PBX" list=3cx_PBX
add address=13.237.181.178 comment="SmartAir 3cx" list=3cx_PBX
/ip firewall filter
add action=accept chain=forward disabled=yes protocol=udp src-port=\
    33434-33625
add action=drop chain=forward comment="EVE PC MAC Drop " disabled=yes \
    in-interface="Port4 Office PC Network" src-mac-address=60:A4:4C:41:13:16
add action=drop chain=forward comment="EVE School Laptop MAC Drop " disabled=\
    yes in-interface="Port4 Office PC Network" src-mac-address=\
    F0:D5:BF:4D:C4:84
add action=drop chain=forward comment="EVE Realme 6 MAC " disabled=yes \
    in-interface="Port4 Office PC Network" src-mac-address=EA:5A:B9:84:A0:6C
add action=drop chain=forward comment="ChromeCast-Ultra  MAC  BLOCK " \
    disabled=yes in-interface="Port4 Office PC Network" src-mac-address=\
    44:09:B8:66:97:AA
add action=drop chain=forward comment="ChromeCast  MAC  BLOCK " disabled=yes \
    in-interface="Port4 Office PC Network" src-mac-address=38:8B:59:92:96:4B
add action=drop chain=forward comment=\
    "Jayden PC MAC Drop During School Hours" disabled=yes in-interface=\
    "Port4 Office PC Network" src-mac-address=8C:89:A5:16:98:F4
add action=drop chain=forward comment="Jayden TABLET   MAC Drop" disabled=yes \
    in-interface="Port4 Office PC Network" src-mac-address=54:27:58:6D:20:A0
add action=drop chain=forward comment="Jayden Armor 8 Phone   MAC Drop" \
    disabled=yes in-interface="Port4 Office PC Network" src-mac-address=\
    42:8B:D0:C8:37:27
add action=drop chain=forward comment=\
    "Mitchell PC MAC Drop During School Hours" disabled=yes in-interface=\
    "Port4 Office PC Network" src-mac-address=6C:F0:49:7D:86:3D
add action=drop chain=forward comment="Mitchell Tablet  MAC Drop " disabled=\
    yes in-interface="Port4 Office PC Network" src-mac-address=\
    D0:F8:8C:F4:B1:60
add action=drop chain=forward comment="Mitchell School Laptop  MAC Drop " \
    disabled=yes in-interface="Port4 Office PC Network" src-mac-address=\
    5C:BA:EF:4D:7A:E9
add action=accept chain=forward out-interface=vlan100 src-address=\
    192.168.5.20
add action=drop chain=input dst-port=53 in-interface=vlan100 log=yes \
    protocol=tcp
add action=drop chain=input dst-port=53 in-interface=vlan100 protocol=udp
add action=drop chain=forward in-interface=vlan100 log=yes log-prefix=\
    "Black LIST DROP:    " src-address-list=blacklist
# Egress drops labelled as print-spooler protection: traffic leaving via the WAN
# list to ports 135 and 442 is dropped and logged.
# NOTE(review): 135 is the RPC endpoint mapper, but SMB - the other transport
# involved in print-spooler attacks - is 445, not 442. 442 looks like a typo;
# confirm and correct, otherwise outbound SMB is not covered by these rules.
# Only the UDP variant exists for chain=output; there is no TCP output rule.
# These rules match outbound traffic only; inbound exposure depends on the WAN
# drop rules further down.
add action=drop chain=forward comment="Print Spooler Hacker Protection" \
    dst-port=135,442 log=yes log-prefix="HACKER BLOCKED >>>" \
    out-interface-list=WAN protocol=udp
add action=drop chain=output comment="Print Spooler Hacker Protection" \
    dst-port=135,442 log=yes log-prefix="HACKER BLOCKED >>>" \
    out-interface-list=WAN protocol=udp
add action=drop chain=forward comment="Print Spooler Hacker Protection" \
    dst-port=135,442 log=yes log-prefix="HACKER BLOCKED >>>" \
    out-interface-list=WAN protocol=tcp
add action=accept chain=forward disabled=yes in-interface=NordVPN-out1-out1
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=accept chain=forward in-interface-list=discover \
    out-interface-list=WAN
add action=accept chain=forward comment="SIP Port" in-interface=vlan100 \
    src-address-list=SIP2
add action=accept chain=forward comment="SIP Port" dst-port=5062 \
    in-interface=vlan100 protocol=udp
add action=accept chain=forward comment="SIP Port" dst-port=5090 \
    in-interface=vlan100 protocol=udp
add action=accept chain=forward comment="SIP Port" dst-port=5090 \
    in-interface=vlan100 protocol=tcp
add action=accept chain=forward dst-port=5062 in-interface=vlan100 protocol=\
    tcp
add action=accept chain=forward disabled=yes dst-port=80 in-interface=vlan100 \
    protocol=tcp
add action=accept chain=forward dst-port=645 in-interface=vlan100 protocol=\
    tcp
add action=accept chain=forward dst-port=6500-6599 in-interface=vlan100 \
    protocol=tcp
add action=accept chain=forward dst-port=6500-6599 in-interface=vlan100 \
    protocol=udp
add action=accept chain=forward comment="Miner 1" disabled=yes log-prefix=\
    "Miner 1 DATA Invalid\?\? allowed..  :  " src-address=192.168.0.59
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=accept chain=input comment="defconf: accept established,related" \
    disabled=yes in-interface="ether1 TPG Internet" log=yes src-address=\
    13.237.137.170
# Forward-chain accepts for remote-access ports arriving on the WAN VLAN.
# SECURITY(review): none of these rules restricts the source address, so the
# matching dst-nat targets are reachable from the whole Internet. 5952 and 5955
# are translated to RDP (3389) by the NAT table; a non-standard port is not
# access control. Prefer a src-address-list or reaching these hosts over the
# management VPN. Only the 5952 rule logs; 5955 does not.
add action=accept chain=forward comment="RDP Port to server" dst-port=5952 \
    in-interface=vlan100 log=yes log-prefix="RDP Fire wall" protocol=tcp
add action=accept chain=forward dst-port=5955 in-interface=vlan100 protocol=\
    tcp
# NOTE(review): the only dst-nat rules for ports 2005 and 5900-5920 in this
# export are disabled, so the two accepts below look stale and can probably be
# removed. The 5900 rule is also logged under the prefix "PORT443", which will
# mislead anyone reading the log.
add action=accept chain=forward dst-port=2005 in-interface=vlan100 protocol=\
    tcp
add action=accept chain=forward dst-port=5900 in-interface=vlan100 log=yes \
    log-prefix="PORT443  :::::  " protocol=tcp
add action=accept chain=forward comment="SIP Port" dst-port=5060 \
    in-interface=vlan100 protocol=udp src-address-list=SIP
add action=accept chain=forward comment="SIP Port" in-interface=vlan100 \
    src-address=54.79.1.213
add action=accept chain=forward comment="SIP Port" in-interface=vlan100 \
    src-address=118.127.61.58
add action=accept chain=forward comment="Voice RTP Port" dst-port=6000-6399 \
    in-interface=vlan100 protocol=udp
add action=accept chain=forward comment="Geovision Port" dst-port=56000 \
    in-interface=vlan100 protocol=tcp
add action=accept chain=forward comment="Geovision Port" dst-port=9999 \
    in-interface=vlan100 protocol=tcp
add action=accept chain=forward disabled=yes dst-port=6050 in-interface=\
    vlan100 protocol=udp
# Despite the "Wan Access" comment, this rule matches Winbox (TCP 8291) arriving
# on the office LAN port, not on the WAN interface.
add action=accept chain=input comment="Winbox Wan Access" dst-port=8291 \
    in-interface="Port4 Office PC Network" protocol=tcp
# Default-deny for traffic addressed to the router itself from the WAN VLAN.
# It matches in-interface=vlan100 only; input arriving on any other interface
# (VPN tunnels, the untagged ether1 port) is not covered by this rule.
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=vlan100
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid in-interface-list=WAN log=yes log-prefix=\
    "Invalid DROP Rule::    "
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
    new in-interface-list=WAN log=yes log-prefix="FireWall Drop - NEW"
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface="ether1 TPG Internet"
add action=accept chain=output out-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting comment="NORD VPN" disabled=yes \
    new-routing-mark=vpn passthrough=yes src-address-list=vpn
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" disabled=yes \
    dst-address=192.168.0.0/24 src-address=192.168.0.0/24
add action=masquerade chain=srcnat dst-address=10.11.3.0/24 out-interface=\
    MT-Management-VPN
add action=masquerade chain=srcnat dst-address=10.10.0.0/22 out-interface=\
    MT-Management-VPN
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=vlan100
add action=dst-nat chain=dstnat dst-port=69 log=yes log-prefix=\
    "GRANDSTREAM:   " protocol=udp src-address=192.168.0.203 to-addresses=\
    192.168.0.20
add action=dst-nat chain=dstnat comment="Test PBX" disabled=yes in-interface=\
    vlan100 log-prefix="PBX:  " src-address-list=SIP2 to-addresses=\
    192.168.5.20
add action=dst-nat chain=dstnat comment="Test PBX" disabled=yes dst-port=5062 \
    in-interface=vlan100 log-prefix="PBX:  " protocol=tcp to-addresses=\
    192.168.5.20
add action=dst-nat chain=dstnat disabled=yes dst-port=645 in-interface=\
    vlan100 log-prefix="PBX:  " protocol=tcp to-addresses=192.168.5.20
add action=dst-nat chain=dstnat disabled=yes dst-port=80 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=tcp to-addresses=192.168.5.20
add action=dst-nat chain=dstnat disabled=yes dst-port=645 in-interface=\
    vlan100 log-prefix="PBX:  " protocol=udp to-addresses=192.168.5.20
add action=dst-nat chain=dstnat disabled=yes dst-port=6500-6599 in-interface=\
    vlan100 log-prefix="PBX:  " protocol=tcp to-addresses=192.168.5.20
add action=dst-nat chain=dstnat disabled=yes dst-port=5062 in-interface=\
    vlan100 log-prefix="PBX:  " protocol=udp to-addresses=192.168.5.20
add action=dst-nat chain=dstnat disabled=yes dst-port=6500-6599 in-interface=\
    vlan100 log-prefix="PBX:  " protocol=udp to-addresses=192.168.5.20
add action=dst-nat chain=dstnat comment="PBX  NETWORK" dst-port=5060 \
    in-interface=vlan100 log-prefix="PBX:  " protocol=udp src-address-list=\
    SIP to-addresses=192.168.1.2
add action=dst-nat chain=dstnat comment="PBX  NETWORK" dst-port=5060 \
    in-interface=vlan100 log-prefix="PBX:  " protocol=tcp src-address-list=\
    SIP to-addresses=192.168.1.2
add action=dst-nat chain=dstnat dst-port=6000-6399 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=udp src-address-list=SIP to-addresses=\
    192.168.1.2
add action=dst-nat chain=dstnat dst-port=6000-6399 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=tcp src-address-list=SIP to-addresses=\
    192.168.1.2
add action=dst-nat chain=dstnat dst-port=3478-3479 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=tcp src-address-list=SIP to-addresses=\
    192.168.1.2
add action=dst-nat chain=dstnat dst-port=5000-5001 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=tcp to-addresses=192.168.0.77
add action=dst-nat chain=dstnat dst-port=5090 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=tcp to-addresses=192.168.0.77
add action=dst-nat chain=dstnat comment="Hairpin NAT 3cx PBX Door bell" \
    dst-address=61.69.57.74 dst-port=5090 log-prefix="PBX:  " protocol=tcp \
    to-addresses=192.168.0.77
add action=dst-nat chain=dstnat comment="Hairpin NAT 3cx PBX Door bell" \
    dst-address=61.69.57.74 dst-port=5001 log-prefix="PBX:  " protocol=tcp \
    to-addresses=192.168.0.77
add action=dst-nat chain=dstnat comment="Hairpin NAT 3cx PBX Door bell" \
    dst-address=61.69.57.74 dst-port=5090 log-prefix="PBX:  " protocol=udp \
    to-addresses=192.168.0.77
add action=dst-nat chain=dstnat dst-port=5090 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=udp to-addresses=192.168.0.77
add action=dst-nat chain=dstnat dst-port=5064 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=udp to-addresses=192.168.0.77
add action=dst-nat chain=dstnat dst-port=9000-10999 in-interface=vlan100 \
    log-prefix="PBX:  " protocol=udp to-addresses=192.168.0.77
# action=accept in the dstnat chain does not open a port: it only stops further
# dst-nat processing, so the packet stays addressed to the router and is then
# judged by the input chain. The comment "Allow Win  Box Trafic" overstates what
# this rule does.
add action=accept chain=dstnat comment="Allow Win  Box Trafic" dst-port=8291 \
    in-interface=vlan100 protocol=tcp
# Same exemption for one remote source on the physical ether1 port.
add action=accept chain=dstnat in-interface="ether1 TPG Internet" \
    src-address=52.63.55.4
# SECURITY(review): both rules below publish RDP (to-ports=3389) to internal
# hosts for any WAN source address. Moving the outside port to 5952/5955 does not
# protect the service. Add a src-address-list, or remove the forwards and reach
# these hosts through the VPN. log-prefix is set but log=yes is not, so these
# rules produce no log entries as exported.
add action=dst-nat chain=dstnat comment="RDP Accesst to Server" dst-port=5952 \
    in-interface=vlan100 log-prefix="RDP   ACCESS" protocol=tcp to-addresses=\
    192.168.0.200 to-ports=3389
add action=dst-nat chain=dstnat comment="RDP Accesst to Server  ABETTA VM" \
    dst-port=5955 in-interface=vlan100 log-prefix="RDP   ACCESS  ABETTA" \
    protocol=tcp to-addresses=192.168.0.150 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=5921 in-interface=\
    vlan100 protocol=tcp src-address-list=3cx_PBX to-addresses=192.168.0.101 \
    to-ports=21
add action=dst-nat chain=dstnat disabled=yes dst-port=5065 in-interface=\
    vlan100 protocol=tcp src-address-list=3cx_PBX to-addresses=192.168.0.74
add action=dst-nat chain=dstnat disabled=yes dst-port=5065 in-interface=\
    vlan100 protocol=udp src-address-list=3cx_PBX to-addresses=192.168.0.74
add action=dst-nat chain=dstnat disabled=yes dst-port=14000-14019 \
    in-interface=vlan100 protocol=udp src-address-list=3cx_PBX to-addresses=\
    192.168.0.74
add action=dst-nat chain=dstnat comment="GEO WEB Port" dst-port=9999 \
    in-interface=vlan100 protocol=tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=56000 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=8554 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=17300-17380 in-interface=vlan100 \
    protocol=udp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=6550 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=4550 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=5550 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=5552 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=8866 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=5511 in-interface=vlan100 protocol=\
    tcp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat dst-port=5511 in-interface=vlan100 protocol=\
    udp to-addresses=192.168.0.54
add action=dst-nat chain=dstnat comment="FTP IN to NAS" dst-port=21 \
    in-interface=vlan100 log=yes log-prefix="FTP Connection IN:    " \
    protocol=tcp src-address-list=3cx_PBX to-addresses=192.168.0.101
add action=dst-nat chain=dstnat comment="Test Network" disabled=yes dst-port=\
    5059 in-interface=vlan100 protocol=tcp to-addresses=192.168.3.198
add action=dst-nat chain=dstnat disabled=yes dst-port=5090 in-interface=\
    vlan100 protocol=udp to-addresses=192.168.3.198
add action=dst-nat chain=dstnat disabled=yes dst-port=6090 in-interface=\
    vlan100 protocol=tcp to-addresses=192.168.3.198
add action=dst-nat chain=dstnat disabled=yes in-interface=vlan100 \
    to-addresses=192.168.3.19
add action=dst-nat chain=dstnat comment="DMZ OFFICE NETWORK" disabled=yes \
    in-interface=vlan100 to-addresses=192.168.3.198
add action=dst-nat chain=dstnat comment="EVE's XenServer" disabled=yes \
    dst-port=2005 in-interface=vlan100 protocol=tcp to-addresses=\
    192.168.0.210 to-ports=443
add action=dst-nat chain=dstnat comment="TOO THE HEnley 3CX PBX" disabled=yes \
    dst-port=5062 in-interface=vlan100 protocol=tcp src-port="" to-addresses=\
    192.168.0.52
add action=dst-nat chain=dstnat comment="TOO THE HEnley 3CX PBX" disabled=yes \
    dst-port=5062 in-interface=vlan100 protocol=udp src-port="" to-addresses=\
    192.168.0.52
add action=dst-nat chain=dstnat comment="EVE's XenServer" disabled=yes \
    dst-port=22 in-interface=vlan100 protocol=tcp to-addresses=192.168.0.210
add action=dst-nat chain=dstnat comment="EVE's XenServer" disabled=yes \
    dst-port=5900-5920 in-interface=vlan100 protocol=tcp to-addresses=\
    192.168.0.210
/ip firewall service-port
set sip disabled=yes ports=5060,5061,5062
/ip route
add check-gateway=ping disabled=yes distance=1 gateway=NordVPN-out1-out1 \
    routing-mark=vpn
add distance=1 gateway=61.69.57.73
add distance=1 dst-address=10.10.0.0/22 gateway=MT-Management-VPN
add distance=1 dst-address=10.11.3.0/24 gateway=MT-Management-VPN
add distance=1 dst-address=52.221.130.73/32 gateway=192.168.0.254 pref-src=\
    0.0.0.0
add distance=1 dst-address=192.168.5.0/24 gateway="Port4 Office PC Network"
add disabled=yes distance=2 dst-address=192.168.5.0/24 gateway=\
    "ether1 TPG Internet"
/ip route rule
add dst-address=52.221.130.73/32 interface="Port4 Office PC Network" \
    src-address=192.168.0.203/32 table=main
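# Management-plane services. Telnet, FTP and both API services are off; the rest
# are limited by source address.
/ip service
set telnet disabled=yes
set ftp disabled=yes
# www is WebFig over plain HTTP: admin logins cross the office LAN unencrypted.
# Prefer www-ssl with a certificate, or Winbox/SSH only.
set www address=192.168.0.0/24
set ssh address=192.168.0.0/24,192.168.1.0/24 port=2200
set api disabled=yes
# Winbox is also allowed from one public /32. NOTE(review): the input chain as
# exported only accepts 8291 on the office LAN port, so confirm how (or whether)
# that remote address is meant to reach the router.
set winbox address=192.168.0.0/24,192.168.1.0/24,13.237.137.170/32
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
# allow-none-crypto was "yes" in the original export, which lets an SSH session
# negotiate the "none" cipher and run with no encryption; set to "no" here.
# forwarding-enabled=remote is kept as exported; it lets SSH users open remote
# port forwards through the router, so disable it if nothing depends on it.
/ip ssh
set allow-none-crypto=no forwarding-enabled=remote
# TFTP is unauthenticated: the second entry hands gxp1600fw.bin to any host in
# 192.168.0.0/24 whatever filename it asks for (req-filename=.*).
/ip tftp
add disabled=yes ip-addresses=192.168.3.1
add ip-addresses=192.168.0.0/24 real-filename=gxp1600fw.bin req-filename=.*
/ip traffic-flow
set enabled=yes
# UPnP lets any host on the internal interface request port mappings on its own.
# Only an internal interface is listed here; without an external interface the
# service presumably cannot create mappings, so it may as well be disabled.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface="Port 2 Phone system" type=internal
# SNMP is on; see the community settings for who may query it.
/snmp
set enabled=yes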
/system clock
set time-zone-name=Australia/Brisbane
/system identity
set name=POS_Scales
/system ntp client
set enabled=yes primary-ntp=192.168.1.1 server-dns-names=\
    0.au.pool.ntp.org,1.au.pool.ntp.org,2.au.pool.ntp.org
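# Weekly job (disabled as exported) that saves a user-manager DB, a system
# backup and a raw /export, uploads every file whose name contains the generated
# BACKUP-<identity>-<date>-<time> stem over FTP, then deletes all local files
# whose name contains "BACKUP-".
# SECURITY(review):
#  - The original /export ran without hide-sensitive, so the .rsc it produced
#    carried every password and pre-shared key in clear text. hide-sensitive is
#    added below (RouterOS 6 syntax, matching the 6.48 header of this export).
#  - The FTP password was hard-coded in the script and therefore appeared in the
#    export itself; it is replaced with a placeholder here and must be rotated.
#  - The upload uses mode=ftp, so credentials and backups cross the network
#    unencrypted, and the binary backup is saved with dont-encrypt=yes.
#  - NOTE(review): the backup shown on this page follows this naming scheme and
#    sits under a web-served path named after the FTP user, which suggests the
#    FTP drop directory is published by the web server. Move it outside the
#    document root or deny HTTP access to it.
#  - The policy list grants reboot, sniff and romon, none of which the visible
#    commands appear to use; trim it to what the job needs.
/system scheduler
add disabled=yes interval=1w name=AUTO_FTP_Backup on-event=":local saveUserDB \
    true\r\
    \n:local saveSysBackup true\r\
    \n:local encryptSysBackup false\r\
    \n:local saveRawExport true\r\
    \n\r\
    \n:local FTPServer \"phones.posscales.com.au\"\r\
    \n:local FTPPort 21\r\
    \n:local FTPUser \"aastra\"\r\
    \n:local FTPPass \"<REDACTED-FTP-PASSWORD>\"\r\
    \n\r\
    \n\r\
    \n:local ts [/system clock get time]\r\
    \n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
    \n:local ds [/system clock get date]\r\
    \n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
    \n\r\
    \n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
    \$ts)\r\
    \n:local sfname (\"/\".\$fname)\r\
    \n:if (\$saveUserDB) do={\r\
    \n  /tool user-manager database save name=(\$sfname.\".umb\")\r\
    \n  :log info message=\"User Manager DB Backup Finished\"\r\
    \n}\r\
    \n:if (\$saveSysBackup) do={\r\
    \n  :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
    e.\".backup\") }\r\
    \n  :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
    =yes name=(\$sfname.\".backup\") }\r\
    \n  :log info message=\"System Backup Finished\"\r\
    \n}\r\
    \nif (\$saveRawExport) do={\r\
    \n  /export hide-sensitive file=(\$sfname.\".rsc\")\r\
    \n  :log info message=\"Raw configuration script export Finished\"\r\
    \n}\r\
    \n:local backupFileName \"\"\r\
    \n:foreach backupFile in=[/file find] do={\r\
    \n  :set backupFileName (\"/\".[/file get \$backupFile name])\r\
    \n  :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
    \n    /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
    Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupFileName \
    upload=yes\r\
    \n  }\r\
    \n}\r\
    \n:delay 5s\r\
    \n:foreach backupFile in=[/file find] do={\r\
    \n  :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
    l\") do={\r\
    \n    /file remove \$backupFile\r\
    \n  }\r\
    \n}\r\
    \n\r\
    \n:log info message=\"Successfully removed Temporary Backup Files\"\r\
    \n:log info message=\"Automatic Backup Completed Successfully\"" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jul/29/2021 start-time=21:12:00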
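# Stored script with the same body as the AUTO_FTP_Backup scheduler entry, except
# that saveUserDB is false here. It builds a BACKUP-<identity>-<date>-<time>
# stem, writes a system backup and a raw /export, uploads the matching files
# over FTP and removes local files whose name contains "BACKUP-".
# SECURITY(review):
#  - /export originally ran without hide-sensitive, so the uploaded .rsc held all
#    passwords and pre-shared keys; hide-sensitive is added below (RouterOS 6
#    syntax, matching the 6.48 header of this export).
#  - The hard-coded FTP password is replaced with a placeholder; rotate the real
#    one, since it was exported in clear text.
#  - mode=ftp sends the credentials and the backups unencrypted, and the binary
#    backup is written with dont-encrypt=yes.
#  - The policy list includes reboot, sniff and romon, which the visible commands
#    do not appear to need.
# The scheduler keeps its own inline copy of this code instead of running this
# script, so a fix has to be applied in both places.
/system script
add dont-require-permissions=no name=BackupFTP owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local saveUserDB false\r\
    \n:local saveSysBackup true\r\
    \n:local encryptSysBackup false\r\
    \n:local saveRawExport true\r\
    \n\r\
    \n:local FTPServer \"phones.posscales.com.au\"\r\
    \n:local FTPPort 21\r\
    \n:local FTPUser \"aastra\"\r\
    \n:local FTPPass \"<REDACTED-FTP-PASSWORD>\"\r\
    \n\r\
    \n\r\
    \n:local ts [/system clock get time]\r\
    \n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
    \n:local ds [/system clock get date]\r\
    \n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
    \n\r\
    \n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
    \$ts)\r\
    \n:local sfname (\"/\".\$fname)\r\
    \n:if (\$saveUserDB) do={\r\
    \n  /tool user-manager database save name=(\$sfname.\".umb\")\r\
    \n  :log info message=\"User Manager DB Backup Finished\"\r\
    \n}\r\
    \n:if (\$saveSysBackup) do={\r\
    \n  :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
    e.\".backup\") }\r\
    \n  :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
    =yes name=(\$sfname.\".backup\") }\r\
    \n  :log info message=\"System Backup Finished\"\r\
    \n}\r\
    \nif (\$saveRawExport) do={\r\
    \n  /export hide-sensitive file=(\$sfname.\".rsc\")\r\
    \n  :log info message=\"Raw configuration script export Finished\"\r\
    \n}\r\
    \n:local backupFileName \"\"\r\
    \n:foreach backupFile in=[/file find] do={\r\
    \n  :set backupFileName (\"/\".[/file get \$backupFile name])\r\
    \n  :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
    \n    /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
    Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupFileName \
    upload=yes\r\
    \n  }\r\
    \n}\r\
    \n:delay 5s\r\
    \n:foreach backupFile in=[/file find] do={\r\
    \n  :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
    l\") do={\r\
    \n    /file remove \$backupFile\r\
    \n  }\r\
    \n}\r\
    \n\r\
    \n:log info message=\"Successfully removed Temporary Backup Files\"\r\
    \n:log info message=\"Automatic Backup Completed Successfully\""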
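# The original export had authenticate=no, which lets any host that can reach
# the router start a bandwidth test and load its CPU and links. Authentication
# is required here; disable the server entirely if btest is not used.
/tool bandwidth-server
set authenticate=yes
/tool graphing interface
add interface="ether1 TPG Internet"
add interface=vlan100
add interface="Test Bench Port 3"
add interface="Port 2 Phone system"
add interface="Port4 Office PC Network"
/tool graphing queue
add
/tool graphing resource
add
# Layer-2 management (MAC telnet / MAC Winbox) is limited to the interface lists
# "mactel" and "mac-winbox", which contain only the phone-system port.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
# NOTE(review): RoMON is enabled and no secrets are exported for it, so it is
# presumably running without a secret. Set one, or disable RoMON if it is not
# used for management.
/tool romon
set enabled=yes
# Stored sniffer settings: capture on the office LAN port, filtered to
# 192.168.1.0/24, written to lift.pcap. Capture files hold call signalling and
# possibly credentials; remove them from the router after use. The file-limit
# is presumably far larger than the device's storage - confirm and lower it.
/tool sniffer
set file-limit=900000000KiB file-name=lift.pcap filter-interface=\
    "Port4 Office PC Network" filter-ip-address=192.168.1.0/24 memory-limit=\
    2000KiB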