Mikrotik Problem sa WAN i LAN

poruka: 13
|
čitano: 18.640
|
moderatori: pirat, XXX-Man, DrNasty, vincimus
1
+/- sve poruke
ravni prikaz
starije poruke gore
7 godina
neaktivan
offline
MikroTik Problem sa WAN i LAN

Nadam se da sam pogodio podforum ako nisam, zamolio bih da admini presele ovu temu di je potrebno.

 

Ovako, kupio sam nedavno MikroTik RouterBOARD RB941-2nD hAP Lite za kuću.

Problem je ovaj, moj PC sam ukljucio na port2 mikrotika, a kao WAN sam postavio port1 na mikrotiku, i imalo je interneta, kada sam reboot-o mikrotik nije radilo više, ali kada sam preselio WAN sa porta1 na port4 i za moji PC sa port2 na port3 ima interneta, ali kada sam pokušao vratiti sa porta 4 na 1 nema, isto tako kada sam pokušao vratiti za PC sa port3 na port2 ima interneta, ali port1 uopće ne radi, iako je u interface postavljen kao WAN. Trenutno je uključeno kao WAN na port4 a PC na port3. WIFI radi. Novi sam no već 2 dana pokušavam nešto ali uzalud...



Nadam se da ima netko kome nije "mrsko" pročitati ovo i pogledati slike, i reći di sam pogriješio. Hvala.Nikola.

 

 

Nixa
Poruka je uređivana zadnji put ned 9.9.2018 14:52 (NixsaHD).
Moj PC  
0 0 hvala 0
17 godina
neaktivan
offline
Mikrotik Problem sa WAN i LAN

Ether 1 port ti nije u bridgeu, dodaj ga.

www.petvolta.com
Moj PC  
0 0 hvala 0
7 godina
neaktivan
offline
Re: Mikrotik Problem sa WAN i LAN

Kada sam bio stavio Ether1 u bridge, automatski svi portovi su mi poslati WAN. Di god da sam ubacio wan je bio. To mi nije bilo potrebno, uspio sam popraviti.

 

Nego dali mi možete pomoći oko QoS?

Ulazni IP sam stavio u Simple Queues, iz toga IP bi bih podijelio brzinu interneta: 1.5MBp/s Download na PC i 256Kbp/s upload, a 3MBp/s Downloada bi stavio na WIFI kao i 256Kbp/s Upload,

Za PC radi, ali za WIFI ne, hoću da WIFI ima 3/0.25.Nikola.

Nixa
11 godina
neaktivan
offline
Mikrotik Problem sa WAN i LAN

Mozes li postati 

/export compact

 

Samo obriši šifre za wifi, mac adrese, S/N routera i slično

 

I također objesniš što pokušavaš napraviti?

vidim da imaš VPN, ali to ti neće raditi osim ako router ne dobije javnu adresu.

reko si da si sredio ovo sa WAN, ali kolko vidim imaš lokalnu adresu u 192.168.1.0/24 range-u

ako hoćeš da mikrotik preuzme stavi glavi router u bridge mode.

ako ti isp daje adresu preko DHCP-a, ok si, ako pak ide preko pppoe, onda moraš postaviti novi pppoe client, to će ti biti pod interface, pa plusić, pa izabereš pppoe client.

interface staviš pod ether1, a username i pass u dail out tab-u.

Moj PC  
0 0 hvala 0
7 godina
neaktivan
offline
Re: Mikrotik Problem sa WAN i LAN

Slike su, tu jos od pocetka problema, koji sam riješio.

DHCP sam isključio u glavnom ruteru i na glavni je ruter spojen samo mikrotik te je samo  ta jedna adresa.

 

Sa QoS sam mislio ovako: Napravio sam Simple Queue, gdje je moja ip adresa od računala static koju sam dodao u postavkama adaptera u windovsu te još dodatno stavio static u miktoriku, tako da mi se ip ne mjenja za to računalo, i da imam prioritet 8 na download i upload a upload i download sam ostavio unlimited.

Unlinited sam ostavio jer sam mislio da će raditi kako treba, meni treba da ako pokrenem ajmo reći online igru koja vuće kojih 0.74Mbp/s download i 0,20MBp/s Upload, da mi osigurava stalno toliko MB koliko mi treba bez obzira ko je spojen još na mikrotik. Baš i ne radi kako sam htio, pokušao sam i staviti sve ostale ip koji su spojeni i napravio poseban que za to i prioritete stavio na 1do4, al opet. Ja želim samo da ako je nekom programu potrebno određena brzina ili ti ga mome računalu, brzina konstantna, da ne pada kao u mojemu slučaju sada, brzine koje iigra zahtjeva nisu ogromne, ali opet mi kada se netko spoji uzima i tih 0.74/0,20Mb/DW/UP. Ja sam se raspisao, a pitanje je dal ce imati tko volje ovo pročitati. Hvala. Nikola

Nixa
11 godina
neaktivan
offline
Mikrotik Problem sa WAN i LAN

Koja ti je brzina neta? nemreš reć unlimited, jer mikrotik nemre znat koja je brzina upload-a, a koja download-a.

 

evo ti primjer za mene 120mbit download, 20mbit upload

 

/queue simple
add name=bandwidth target=192.168.88.0/24 max-limit=20M/120M
add name=ja target=192.168.88.10/32 max-limit=20M/120M limit-at=10M/50M parent=bandwidth

 

dalje, u firewall-u fasttrack mora bit isključen

 

drugo 

Ovo za glavni router, jesi isključio DHCP, ali nije u bridge modu. Što znači da ima double NAT

Ono što ti je potrebno je prebacit ISP router u bridge mode i konfigurirati mikrotika tako da preuzme ulogu vanjskog routera (javna ip adresa)

 

treće

ako si stavio u postavkama adaptera static, onda je to static, kad staviš u mikrotiku static adresu pod dhcp server/leases onda računalo dobiva static adresu preko DHCP-a. To je najbolja solucija jer ne zahtjeva prtljanje po postavkama mreže na samim adapterima.

Poruka je uređivana zadnji put sub 8.9.2018 13:27 (filter160).
Moj PC  
0 0 hvala 0
7 godina
neaktivan
offline
Mikrotik Problem sa WAN i LAN

Hvala na odgovoru.

 

Brzina mi je: Download 5MBp/s, Upload 0.50MBp/s, meni uzme fixsni telefon 0.50mb downloada iako fixsni nemam prikljućen, znam slabo prema ugovoru imam 20mb+turbo 10MBp/s download, a

Upload 10Mbp/s.

 

Ovako u firewall-u fasttrack sam iskljucio, ja sam rekao unlimited jer sam mislio da će mikrotik povući ono koliko može, jer ja svaki put kada odem na speedtest on meni izbaci svaki puta drugu brzinu.

 

Prvo sam pokušao staviti da glavni ip koji daje i djeli brzinu na bridge i ostalo da ima svu brzinu, pa iz toga sam djelio dalje, ali opet...Kada stavim 4,50 i 0,50 na svoju ip od računala i stavim prioritet 8 i kada napravim da trenutno sve ip koje su mi bile spojene sam stavio static i dodao na listu i stavio istu brzinu ko i mojemu ali sam prioritet stavio na minimum, ćak sam pokušao da podjelim brzine meni pola njima pola, ali opet oni mni uzmu sve bez obzira na prioritet, on meni da tu brzinu koju trebam i sve to ok, do tad kada se netko ne spoji na wifi i onda prc.

Znači meni treba da mi na izlazu na portu koji hoću da brzinu kojuj zatražim i da mi ju daje konstantno, a ono višak brzine koja mi ostane neka da na WIFI.

 

Razmišljao sam pošto sam bez ugovorne obveze da mi na par dana pošalju nekakav ruter sa mobilnom karticom, tako nešto, sada ne znam koliko bi to igralo jer signal mi nije u kući baš najbolji, nezz možda na krov sa nekakvim antenama, jer šteta mi tih 20mb... Hvala, opet dugi odgovor. Nikola

Nixa
Moj PC  
0 0 hvala 0
11 godina
neaktivan
offline
Mikrotik Problem sa WAN i LAN

Obrnuo si, prioritet 1 je najveći

Moj PC  
0 0 hvala 0
7 godina
neaktivan
offline
Re: Mikrotik Problem sa WAN i LAN

Hvala na odgovoru, ispravio sam grešku ali opet, ko da mi uzimaju svu brzinu.

Nixa
11 godina
neaktivan
offline
Mikrotik Problem sa WAN i LAN

Ne mogu ti ovako pomoći, daj napravi u terminalu /export compact

pobriši šifre, mac adresu, S/N routera i postaj tu

Moj PC  
0 0 hvala 0
7 godina
neaktivan
offline
Re: Mikrotik Problem sa WAN i LAN

Pozdrav, i hvala na odgovoru, evo i lista kako ste tražili, ja sam pokusao jos u simple ques staviti sve uređaje na jednu listu i staviti im prioritet na low, dok sam za svoj pc napravio posebno i stavio high prioritet, ali opet... ne štima oni kada dodu do max brzine ili oko 100kb uzmu i meni ono malo koliko mi je potrebno kao da su jos spojeni na glavni net.Nikola.

 

admin@MikroTik] > /export compact
# sep/30/2018 12:08:17 by RouterOS 6.42.7
# software id = Z5W3-CF2W
#
# model = RouterBOARD 941-2nD
# serial number =
/interface bridge
add admin-mac= auto-mac=no comment="Za sve portove BRIDGE" name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=WIFI supplicant-identity="" \
wpa-pre-shared-key= wpa2-pre-shared-key=
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce comment=WIFI country=croatia disabled=no distance=indoors \
frequency=auto mode=ap-bridge security-profile=WIFI ssid=MikroNix wireless-protocol=802.11 wps-mode=disabled
/interface wireless manual-tx-power-table
set wlan1 comment=WIFI
/interface wireless nstreme
set wlan1 comment=WIFI
/ip pool
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
add name=dhcp next-pool=dhcp_pool2 ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/ipv6 dhcp-server
add disabled=yes interface=bridge name=server1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue tree
add max-limit=2M name=Download_WAN1 parent=global priority=1
add max-limit=256k name=Upload_WAN1 parent=global priority=1
add limit-at=1M max-limit=2M name=DN_Interactive_WAN1 parent=Download_WAN1 priority=1
add limit-at=1M max-limit=2M name=DN_NonInteractive_WAN1 parent=Download_WAN1
add limit-at=100k max-limit=256k name=UP_Interactive_WAN1 parent=Upload_WAN1 priority=1
add limit-at=256k max-limit=256k name=UP_NonInteractive_WAN1 parent=Upload_WAN1
/queue type
add kind=pcq name=Download_WAN1 pcq-classifier=dst-address pcq-rate=2M pcq-total-limit=25000KiB
add kind=pcq name=Upload_WAN1 pcq-classifier=src-address pcq-rate=256k pcq-total-limit=25000KiB
/queue simple
add max-limit=552k/5M name=Gosti queue=pcq-upload-default/pcq-download-default target="192.168.88.243/32,192.168.88.244/32,192.168.88.245/32,\
192.168.88.248/32,192.168.88.253/32,192.168.88.247/32,192.168.88.242/32,192.168.88.240/32"
add max-limit=552k/5M name=Nikola priority=1/1 queue=pcq-upload-default/pcq-download-default target=192.168.88.200/32
add disabled=yes max-limit=552k/5M name=Svi queue=pcq-upload-default/pcq-download-default target=192.168.88.0/24
/queue tree
add name=down_p1_interactive_WAN1 packet-mark=dn_p1_interactive_WAN1 parent=DN_Interactive_WAN1 priority=1 queue=Download_WAN1
add name=down_p2_interactive_WAN1 packet-mark=dn_p2_interactive_WAN1 parent=DN_Interactive_WAN1 priority=2 queue=Download_WAN1
add name=down_p3_interactive_WAN1 packet-mark=dn_p3_interactive_WAN1 parent=DN_Interactive_WAN1 priority=3 queue=Download_WAN1
add name=down_p4_interactive_WAN1 packet-mark=dn_p4_interactive_WAN1 parent=DN_Interactive_WAN1 priority=4 queue=Download_WAN1
add name=down_p5_interactive_WAN1 packet-mark=dn_p5_interactive_WAN1 parent=DN_Interactive_WAN1 priority=5 queue=Download_WAN1
add name=down_p6_interactive_WAN1 packet-mark=dn_p6_interactive_WAN1 parent=DN_Interactive_WAN1 priority=6 queue=Download_WAN1
add name=down_p7_interactive_WAN1 packet-mark=dn_p7_interactive_WAN1 parent=DN_Interactive_WAN1 priority=7 queue=Download_WAN1
add name=down_p8_interactive_WAN1 packet-mark=dn_p8_interactive_WAN1 parent=DN_Interactive_WAN1 queue=Download_WAN1
add name=down_p1_noninteractive_WAN1 packet-mark=dn_p1_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=1 queue=Download_WAN1
add name=down_p2_noninteractive_WAN1 packet-mark=dn_p2_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=2 queue=Download_WAN1
add name=down_p3_noninteractive_WAN1 packet-mark=dn_p3_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=3 queue=Download_WAN1
add name=down_p4_noninteractive_WAN1 packet-mark=dn_p4_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=4 queue=Download_WAN1
add name=down_p5_noninteractive_WAN1 packet-mark=dn_p5_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=5 queue=Download_WAN1
add name=down_p6_noninteractive_WAN1 packet-mark=dn_p6_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=6 queue=Download_WAN1
add name=down_p7_noninteractive_WAN1 packet-mark=dn_p7_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=7 queue=Download_WAN1
add name=down_p8_noninteractive_WAN1 packet-mark=dn_p8_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 queue=Download_WAN1
add name=up_p1_interactive_WAN1 packet-mark=up_p1_interactive_WAN1 parent=UP_Interactive_WAN1 priority=1 queue=Upload_WAN1
add name=up_p2_interactive_WAN1 packet-mark=up_p2_interactive_WAN1 parent=UP_Interactive_WAN1 priority=2 queue=Upload_WAN1
add name=up_p3_interactive_WAN1 packet-mark=up_p3_interactive_WAN1 parent=UP_Interactive_WAN1 priority=3 queue=Upload_WAN1
add name=up_p4_interactive_WAN1 packet-mark=up_p4_interactive_WAN1 parent=UP_Interactive_WAN1 priority=4 queue=Upload_WAN1
add name=up_p5_interactive_WAN1 packet-mark=up_p5_interactive_WAN1 parent=UP_Interactive_WAN1 priority=5 queue=Upload_WAN1
add name=up_p6_interactive_WAN1 packet-mark=up_p6_interactive_WAN1 parent=UP_Interactive_WAN1 priority=6 queue=Upload_WAN1
add name=up_p7_interactive_WAN1 packet-mark=up_p7_interactive_WAN1 parent=UP_Interactive_WAN1 priority=7 queue=Upload_WAN1
add name=up_p8_interactive_WAN1 packet-mark=up_p8_interactive_WAN1 parent=UP_Interactive_WAN1 queue=Upload_WAN1
add name=up_p1_noninteractive_WAN1 packet-mark=up_p1_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=1 queue=Upload_WAN1
add name=up_p2_noninteractive_WAN1 packet-mark=up_p2_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=2 queue=Upload_WAN1
add name=up_p3_noninteractive_WAN1 packet-mark=up_p3_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=3 queue=Upload_WAN1
add name=up_p4_noninteractive_WAN1 packet-mark=up_p4_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=4 queue=Upload_WAN1
add name=up_p5_noninteractive_WAN1 packet-mark=up_p5_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=5 queue=Upload_WAN1
add name=up_p6_noninteractive_WAN1 packet-mark=up_p6_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=6 queue=Upload_WAN1
add name=up_p7_noninteractive_WAN1 packet-mark=up_p7_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=7 queue=Upload_WAN1
add name=up_p8_noninteractive_WAN1 packet-mark=up_p8_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 queue=Upload_WAN1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=12345678 use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.1.3/24 interface=ether1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.248 always-broadcast=yes client-id= mac-address= server=defconf
add address=192.168.88.253 client-id= mac-address= server=defconf
add address=192.168.88.245 mac-address= server=defconf
add address=192.168.88.244 mac-address= server=defconf
add address=192.168.88.243 client-id= mac-address= server=defconf
add address=192.168.88.242 client-id= mac-address= server=defconf
add address=192.168.88.240 client-id= mac-address= server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall address-list
add address=192.168.0.0/16 list=QOSCustomerIPs
add address=10.0.0.0/8 list=QOSCustomerIPs
add address=172.16.0.0/12 list=QOSCustomerIPs
add address=10.0.0.0/24 comment="ISP IP Addresses" list=ISP
add address=12.129.193.0/24 comment=WoW list=games
add address=12.129.222.0/23 comment=WoW list=games
add address=12.129.225.0/24 comment=WoW list=games
add address=12.129.228.0/24 comment=WoW list=games
add address=12.129.233.0/24 comment=WoW list=games
add address=12.129.252.0/23 comment=WoW list=games
add address=63.241.255.0/24 comment=WoW list=games
add address=72.5.213.0/24 comment=WoW list=games
add address=80.239.149.0/24 comment=WoW list=games
add address=80.239.179.0/24 comment=WoW list=games
add address=80.239.181.0/24 comment=WoW list=games
add address=80.239.185.0/24 comment=WoW list=games
add address=80.239.233.0/24 comment=WoW list=games
add address=192.12.244.0/24 comment=WoW list=games
add address=195.12.246.0/24 comment=WoW list=games
add address=199.107.6.0/23 comment=WoW list=games
add address=199.107.24.0/23 comment=WoW list=games
add address=206.16.118.0/23 comment=WoW list=games
add address=206.16.147.0/24 comment=WoW list=games
add address=206.18.148.0/23 comment=WoW list=games
add address=206.18.98.0/23 comment=WoW list=games
add address=206.16.235.0/24 comment=WoW list=games
add address=206.17.111.0/24 comment=WoW list=games
add address=213.248.123.0/24 comment=WoW list=games
add address=213.248.127.0/24 comment=WoW list=games
add address=202.9.66.0/23 comment=SC2 list=games
add address=12.129.254.0/23 comment=SC2 list=games
add address=12.129.206.0/24 comment=SC2 list=games
add address=12.129.242.0/24 comment="Diablo III" list=games
add address=12.130.245.0/24 comment="Diablo III" list=games
add address=12.130.244.0/24 comment="Diablo III" list=games
add address=12.130.246.0/24 comment="Diablo III" list=games
add address=63.150.138.0/24 comment="Dota 2" list=games
add address=103.10.124.0/24 comment="Dota 2" list=games
add address=103.10.125.0/24 comment="Dota 2" list=games
add address=103.28.54.0/23 comment="Dota 2" list=games
add address=146.66.152.0/23 comment="Dota 2" list=games
add address=146.66.154.0/24 comment="Dota 2" list=games
add address=146.66.155.0/24 comment="Dota 2" list=games
add address=146.66.156.0/23 comment="Dota 2" list=games
add address=146.66.158.0/23 comment="Dota 2" list=games
add address=185.25.180.0/23 comment="Dota 2" list=games
add address=185.25.182.0/24 comment="Dota 2" list=games
add address=192.69.96.0/22 comment="Dota 2" list=games
add address=205.196.6.0/24 comment="Dota 2" list=games
add address=208.64.200.0/24 comment="Dota 2" list=games
add address=208.64.201.0/24 comment="Dota 2" list=games
add address=208.64.202.0/24 comment="Dota 2" list=games
add address=208.64.203.0/24 comment="Dota 2" list=games
add address=208.78.164.0/22 comment="Dota 2" list=games
add address=216.111.123.0/24 comment="Dota 2" list=games
add address=31.186.224.0/24 comment="LoL Europe" list=games
add address=31.186.226.0/24 comment="LoL Europe" list=games
add address=64.7.194.0/24 comment="LoL Europe" list=games
add address=95.172.65.0/24 comment="LoL Europe" list=games
add address=95.172.70.0/24 comment="LoL Europe" list=games
add address=66.150.148.0/24 comment="LoL EU-NE" list=games
add address=192.64.168.0/24 comment="LoL NA" list=games
add address=192.64.169.0/24 comment="LoL NA" list=games
add address=192.64.170.0/24 comment="LoL NA" list=games
add address=216.133.234.0/24 comment="LoL NA" list=games
add address=59.100.95.128/25 comment="LoL Oceania" list=games
add address=203.116.112.128/25 comment="LoL Singapore/Malaysia" list=games
add address=216.240.136.162 comment="Lowerping - US West - Panther 1" list=games
add address=216.240.145.9 comment="Lowerping - US West - Panther 2" list=games
add address=64.69.36.224 comment="Lowerping - US West - Panther 3" list=games
add address=208.70.75.171 comment="Lowerping - US West - Panther 4" list=games
add address=208.70.78.93 comment="Lowerping - US West - Panther 5" list=games
add address=216.240.136.167 comment="Lowerping - US West - Panther 6" list=games
add address=64.56.65.9 comment="Lowerping - US West - Tiger 1" list=games
add address=74.222.8.249 comment="Lowerping - US West - Tiger 2" list=games
add address=216.18.198.2 comment="Lowerping - US West - Fox 1" list=games
add address=173.231.26.242 comment="Lowerping - US West - Fox 2" list=games
add address=66.212.28.128 comment="Lowerping - US West - Lion A1" list=games
add address=66.63.191.237 comment="Lowerping - US West - Lion A2" list=games
add address=72.11.142.216 comment="Lowerping - US West - Lion B1" list=games
add address=72.11.142.217 comment="Lowerping - US West - Lion B2" list=games
add address=96.44.172.186 comment="Lowerping - US West - Lion C1" list=games
add address=96.44.177.26 comment="Lowerping - US West - Lion C2" list=games
add address=96.44.177.27 comment="Lowerping - US West - Lion D1" list=games
add address=72.11.142.218 comment="Lowerping - US West - Lion D2" list=games
add address=64.120.10.178 comment="Lowerping - US West - Panda 1" list=games
add address=72.51.46.93 comment="Lowerping - US West - Rhino 1" list=games
add address=173.245.68.180 comment="Lowerping - US West - Squid 1" list=games
add address=173.245.68.178 comment="Lowerping - US West - Squid 2" list=games
add address=8.17.252.162 comment="Lowerping - US West - Koala 1" list=games
add address=8.17.252.163 comment="Lowerping - US West - Koala 2" list=games
add address=50.23.65.37 comment="Lowerping - US West - Salmon 1" list=games
add address=174.127.96.124 comment="Lowerping - US West - Salmon 2" list=games
add address=174.127.96.127 comment="Lowerping - US West - Salmon 3" list=games
add address=66.109.20.100 comment="Lowerping - US East - Cobra 1" list=games
add address=66.199.235.194 comment="Lowerping - US East - Otter 1" list=games
add address=72.9.100.90 comment="Lowerping - US East - Otter 2" list=games
add address=173.208.45.82 comment="Lowerping - US East - Spider 1" list=games
add address=69.162.127.98 comment="Lowerping - US Central - Frog 1" list=games
add address=174.133.108.202 comment="Lowerping - US Central - Tadpole 1" list=games
add address=174.34.132.50 comment="Lowerping - US Central - Toad 1" list=games
add address=70.32.43.122 comment="Lowerping - Chicago - Macaw 1" list=games
add address=184.154.38.138 comment="Lowerping - Chicago - Jaguar 1" list=games
add address=78.129.220.51 comment="Lowerping - Europe - London 1" list=games
add address=188.138.24.38 comment="Lowerping - Europe - Germany 1" list=games
add address=85.10.193.111 comment="Lowerping - Europe - Germany 3" list=games
add address=94.75.208.164 comment="Lowerping - Europe - Netherlands 1" list=games
add address=62.212.91.21 comment="Lowerping - Europe - Netherlands 2" list=games
add address=91.191.144.94 comment="Lowerping - Europe - Paris 1" list=games
add address=46.21.207.116 comment="Lowerping - Europe - Paris 2" list=games
add address=159.153.0.0/16 comment="SWTOR - USA/EUROPE" list=games
add address=206.127.144.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games
add address=64.25.32.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
in-interface-list=WAN
/ip firewall mangle
add action=log chain=notes comment="Start of QoS tree version updated on 4/4/2014"
add action=accept chain=prerouting comment="Accept traffic From QOSCustomerIPs to QOSCustomerIPs" dst-address-list=QOSCustomerIPs \
src-address-list=QOSCustomerIPs
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="We should start with marking everything as unknown - dn_p7_interactive WAN1" in-interface=\
ether2 new-packet-mark=dn_p7_interactive_WAN1 passthrough=yes
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="We should start with marking everything as unknown - up_p7_interactive" new-packet-mark=\
up_p7_interactive_WAN1 out-interface=ether2 passthrough=yes
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Mark all ACK packets p1 for outbound traffic." new-packet-mark=up_p1_interactive_WAN1 \
out-interface=ether2 passthrough=yes protocol=tcp tcp-flags=ack
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Mark all ACK packets p1 for outbound traffic." in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=yes protocol=tcp tcp-flags=ack
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-connection chain=prerouting comment="Mark p2p connections first" new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment=\
"Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can configure" connection-mark=\
p2p_conn in-interface=ether2 new-packet-mark=dn_p8_noninteractive_WAN1 passthrough=no
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment=\
"Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can configure" connection-mark=\
p2p_conn new-packet-mark=up_p8_noninteractive_WAN1 out-interface=ether2 passthrough=no
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p8_noninteractive_WAN1 passthrough=no protocol=tcp src-port=6881
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" dst-port=6881 \
new-packet-mark=up_p8_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no src-address-list=ISP
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" dst-address-list=ISP new-packet-mark=\
up_p1_interactive_WAN1 out-interface=ether2 passthrough=no
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="BGP as p1_interactive with NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=179
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="BGP as p1_interactive with NO PASSTHROUGH" dst-port=179 new-packet-mark=\
up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="OSPF as p1_interactive with NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=ospf
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="OSPF as p1_interactive with NO PASSTHROUGH" new-packet-mark=up_p1_interactive_WAN1 \
out-interface=ether2 passthrough=no protocol=ospf
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" \
connection-bytes=0-1000000 dst-port=8080 new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" \
connection-bytes=0-1000000 in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=8080
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k dst-port=53 \
in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k new-packet-mark=\
up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp src-port=53
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k dst-port=53 \
new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k in-interface=\
ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=53
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="ICMP is p1_interactive NO PASSTHROUGH" new-packet-mark=up_p1_interactive_WAN1 \
out-interface=ether2 passthrough=no protocol=icmp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="ICMP is p1_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=icmp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k dst-port=3478,4080,5223 new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=3478,4080,5223
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k dst-port=16393-16402 new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=16393-16402
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k dst-port=5060-5061 new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=5060-5061
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k dst-port=5060-5061 new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" \
connection-rate=0-512k in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=5060-5061
add action=mark-connection chain=prerouting comment="VOIP - mark DSCP 46 with voip connection mark" dscp=46 new-connection-mark=voip \
passthrough=yes
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" \
connection-mark=voip connection-rate=0-512k new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" \
connection-mark=voip connection-rate=0-512k in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" \
connection-mark=voip connection-rate=0-512k new-packet-mark=up_p1_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" \
connection-mark=voip connection-rate=0-512k in-interface=ether2 new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="NTP is set at p1_interactive." dst-port=123 in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=123
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="NTP is set at p1_interactive." dst-port=123 new-packet-mark=up_p1_interactive_WAN1 \
out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="WINBOX p1_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=8291
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="WINBOX p1_interactive NO PASSTHROUGH" dst-port=8291 new-packet-mark=up_p1_interactive_WAN1 \
out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" dst-address-list=\
site-specific new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p2_interactive_WAN1 passthrough=no src-address-list=site-specific
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" dst-address-list=games \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no src-address-list=games
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M dst-port=\
3389,5900 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3389,5900
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3389,5900
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Steam (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=\
27000-28999 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Steam (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=27000-27015
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Runes of Magic (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
dst-port=21002,16401-16402,16502 new-packet-mark=up_p2_interactive_wan out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Runes of Magic (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_wan passthrough=no protocol=udp src-port=21002,16401-16402,16502
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="GunZ (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=\
7700-7800 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="GunZ (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=7700-7800
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Trickster Online (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=10006,13339,22006
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Trickster Online (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=10006,13339,22006 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
6112-6119 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=6112-6119
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Warcraft 3 and WoW 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=6112-6119 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Warcraft 3 and WoW 0-512k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-512k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=6112-6119
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=1119 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=1119
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3724
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=3724 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="EVE Online (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=26000
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="EVE Online (games) 0-512k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=26000 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=1513 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=1513
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=7456 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=7456
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=8687 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=8687
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
2000,2003 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=2000,2003
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=\
0-128k dst-port=3478,3479,3658 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=\
0-256k in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=3478,3479,3658
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=\
0-128k dst-port=5223 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=\
0-256k in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=5223
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 new-packet-mark=\
up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=3074
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 new-packet-mark=\
up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3074
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Guild Wars (games) 0-1024k up p2_interactive NO PASSTHROUGH" connection-rate=0-1024k \
dst-port=6112,6600 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Guild Wars (games) 0-2048k down p2_interactive NO PASSTHROUGH" connection-rate=0-2048k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=6112,6600
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Company of Heroes (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=30260 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Company of Heroes (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=30260
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=11235-11335 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=11235-11335
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=11031 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=11031
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=28004 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=28004
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3724
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=3724 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
5223,3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=5223,3074
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
2005,3074,3075 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=2005,3074,3075
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Steam (codMW2) 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k dst-port=\
1500,3005,3101,28960 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Steam (codMW2) 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=1500,3005,3101,28960
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18390,18395,13505 new-packet-mark=\
up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=18390,18395,13505
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18395 new-packet-mark=\
up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=18395
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
dst-port=7110,7230 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=7230,7110
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=64100 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=ether2 \
new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=64100
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="UT3 (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=7777,3783
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="UT3 (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
7777,3783 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Rift (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
6520-6540 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Rift (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=6520-6540
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
4321,6660-6669,28900,29900,2901 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=4321,6660-6669,28900,29900,2901
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
6515,6500,13139,27900 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=6515,6500,13139,27900
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Freelancer (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=2302-2304
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Freelancer (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=2302-2304 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Minecraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=25565
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Minecraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
dst-port=25565 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="SSH 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=22 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="SSH 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=ether2 \
new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=22
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="ICQ p2_interactive NO PASSTHROUGH" dst-port=5190 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="ICQ p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=5190
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="MSN p2_interactive NO PASSTHROUGH" dst-port=1863 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="MSN p2_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=1863
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
5004 new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
in-interface=ether2 new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=5004
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="telnet 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k dst-port=23 \
new-packet-mark=up_p2_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="telnet 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k in-interface=ether2 \
new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=23
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" new-packet-mark=\
up_p3_interactive_WAN1 out-interface=ether2 passthrough=yes protocol=ipsec-esp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p3_interactive_WAN1 passthrough=yes protocol=ipsec-esp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" new-packet-mark=up_p3_interactive_WAN1 \
out-interface=ether2 passthrough=yes protocol=ipsec-ah
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p3_interactive_WAN1 passthrough=yes protocol=ipsec-ah
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" dst-port=4500 new-packet-mark=\
up_p3_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p3_interactive_WAN1 passthrough=no protocol=udp src-port=4500
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" dst-port=1935 \
new-packet-mark=up_p6_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" in-interface=\
ether2 new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=tcp src-port=1935
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 \
new-packet-mark=up_p6_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" in-interface=\
ether2 new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=tcp src-port=554
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 \
new-packet-mark=up_p6_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" in-interface=\
ether2 new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=udp src-port=554
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" dst-port=110 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=110
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " dst-port=25 \
new-packet-mark=up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " in-interface=ether2 \
new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=25
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" dst-port=465 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=465
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" dst-port=485 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=485
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=993 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=993
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" dst-port=143 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=143
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=995 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=995
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" dst-port=3690 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" in-interface=ether2 \
new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=3690
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="SNMP set at p4_interactive NO PASSTHROUGH" dst-port=161 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="SNMP set at p4_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p4_interactive_WAN1 passthrough=no protocol=udp src-port=161
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" dst-port=1194 new-packet-mark=\
up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=udp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p4_interactive_WAN1 passthrough=no protocol=udp src-port=1194
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=\
27014-27050 new-packet-mark=up_p4_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=\
ether2 new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=27014-27050
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" dst-port=27014-27050 new-packet-mark=\
up_p2_noninteractive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p2_noninteractive_WAN1 passthrough=no protocol=tcp src-port=27014-27050
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" dst-port=119 new-packet-mark=\
up_p7_noninteractive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p7_noninteractive_WAN1 passthrough=no protocol=tcp src-port=119
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" dst-port=433 new-packet-mark=\
up_p7_noninteractive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" in-interface=ether2 new-packet-mark=\
dn_p7_noninteractive_WAN1 passthrough=no protocol=tcp src-port=433
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=prerouting comment="http download will be treated as dn_p3_interactive" in-interface=ether2 new-packet-mark=\
dn_p3_interactive_WAN1 passthrough=no protocol=tcp src-port=80,443,8080
# in/out-interface matcher not possible when interface (ether2) is slave - use master instead (bridge)
add action=mark-packet chain=postrouting comment="http upload will be treated as up_p3_interactive" dst-port=80,443,8080 new-packet-mark=\
up_p3_interactive_WAN1 out-interface=ether2 passthrough=no protocol=tcp
add action=log chain=notes comment="End QoS tree"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether1
/ip route
add distance=1 gateway=192.168.1.1
/ip traffic-flow
set cache-entries=4M interfaces=ether1
/ipv6 address
add address= eui-64=yes interface=ether1
/ipv6 dhcp-client
add add-default-route=yes interface=ether2 pool-name=DelePrefix64 request=prefix
/ppp secret
add name=vpn password=
/system clock
set time-zone-name=Europe/Zagreb
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Nixa
Poruka je uređivana zadnji put ned 30.9.2018 12:28 (NixsaHD).
7 godina
neaktivan
offline
Re: Mikrotik Problem sa WAN i LAN

Poštovani, pokušao sam u međuvremenu nešto ali išlo je prema goremu, dali ste vi možda ustanovili kvar. LP. Nikola.

Nixa
7 godina
neaktivan
offline
Re: Mikrotik Problem sa WAN i LAN

Poštovani, dali mi još uvijek možete pomoći?. LP. Nikola

Nixa
1
Nova poruka
E-mail:
Lozinka:
 
vrh stranice