Задать вопрос

mchokhsky

Комментарии

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    korsar182, не помогло, к сожалению - придется ехать и включать вручную локально)
    есть какие-то адекватные методы тестирования этих гипотез?
    пинг и трассировка не подходят, потому что пинг и трассировка проходят, но выхода в интернет на резервном канале, при отключении основного, все равно нет
    Написано

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    это сделает проверку пинга правильной и рекурсивным станет маршрут до рлайн (основного), а не сумтел - спасибо, исправил
    но я не понимаю, как убрать интерфейсы с бриджа и каким образом это должно починить выход в интернет через резервный канал
    Написано

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    Ruslan-Strannik, по этим адресам мониторится, есть ли интернет за шлюзом, чтобы Микротик переключал тогда, когда за шлюзом инета нет, а не только когда сам шлюз отвалится
    рекурсия реализована только у одного провайдера, тк внешний айпи только у одного провайдера берется на каждой локации
    Написано

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    Ruslan-Strannik,

    /ip firewall mangle
    add action=mark-connection chain=prerouting disabled=yes in-interface=WAN \
    new-connection-mark=cin_ISP1 passthrough=yes
    add action=mark-connection chain=prerouting disabled=yes in-interface=*1C \
    new-connection-mark=cin_ISP2 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=cin_ISP1 disabled=\
    yes new-routing-mark=route_ISP1 passthrough=yes src-address=\
    192.168.104.0/24
    add action=mark-routing chain=prerouting connection-mark=cin_ISP2 disabled=\
    yes new-routing-mark=route_ISP2 passthrough=yes src-address=\
    192.168.104.0/24
    add action=mark-routing chain=output connection-mark=cin_ISP1 disabled=yes \
    new-routing-mark=route_ISP1 passthrough=yes
    add action=mark-routing chain=output connection-mark=cin_ISP2 disabled=yes \
    new-routing-mark=route_ISP2 passthrough=yes

    они все disabled на роутере А - там маркировка выключена или не доделана, как я понял
    Написано

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    Конфиг С:
    spoiler
    # oct/04/2019 10:59:07 by RouterOS 6.43.7
    # software id = скрыт
    #
    # model = CRS125-24G-1S
    # serial number = скрыт
    /interface bridge
    add name=bridge_MAIN
    /interface ethernet
    set [ find default-name=ether1 ] name=ether1-sumtel speed=100Mbps
    set [ find default-name=ether2 ] name=ether2-r-line speed=100Mbps
    set [ find default-name=ether3 ] speed=100Mbps
    set [ find default-name=ether4 ] speed=100Mbps
    set [ find default-name=ether5 ] speed=100Mbps
    set [ find default-name=ether6 ] speed=100Mbps
    set [ find default-name=ether7 ] speed=100Mbps
    set [ find default-name=ether8 ] speed=100Mbps
    set [ find default-name=ether9 ] speed=100Mbps
    set [ find default-name=ether10 ] speed=100Mbps
    set [ find default-name=ether11 ] speed=100Mbps
    set [ find default-name=ether12 ] speed=100Mbps
    set [ find default-name=ether13 ] speed=100Mbps
    set [ find default-name=ether14 ] speed=100Mbps
    set [ find default-name=ether15 ] speed=100Mbps
    set [ find default-name=ether16 ] speed=100Mbps
    set [ find default-name=ether17 ] speed=100Mbps
    set [ find default-name=ether18 ] speed=100Mbps
    set [ find default-name=ether19 ] speed=100Mbps
    set [ find default-name=ether20 ] speed=100Mbps
    set [ find default-name=ether21 ] speed=100Mbps
    set [ find default-name=ether22 ] speed=100Mbps
    set [ find default-name=ether23 ] speed=100Mbps
    set [ find default-name=ether24 ] speed=100Mbps
    set [ find default-name=sfp1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
    /interface list
    add name=WAN
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip pool
    add name=скрыто_zal_main ranges=192.168.109.50-192.168.109.199
    /ip dhcp-server
    add address-pool=скрыто_zal_main authoritative=after-2sec-delay disabled=no \
    interface=bridge_MAIN name=server_скрыто_main
    /snmp community
    set [ find default=yes ] addresses=0.0.0.0/0
    /interface bridge port
    add bridge=bridge_MAIN interface=ether9
    add bridge=bridge_MAIN interface=ether10
    add bridge=bridge_MAIN interface=ether11
    add bridge=bridge_MAIN interface=ether12
    add bridge=bridge_MAIN interface=ether13
    add bridge=bridge_MAIN interface=ether14
    add bridge=bridge_MAIN interface=ether15
    add bridge=bridge_MAIN interface=ether16
    add bridge=bridge_MAIN interface=ether17
    add bridge=bridge_MAIN interface=ether18
    add bridge=bridge_MAIN interface=ether19
    add bridge=bridge_MAIN interface=ether20
    add bridge=bridge_MAIN interface=ether21
    add bridge=bridge_MAIN interface=ether22
    add bridge=bridge_MAIN interface=ether23
    add bridge=bridge_MAIN interface=ether24
    add bridge=bridge_MAIN interface=ether5
    add bridge=bridge_MAIN interface=ether6
    add bridge=bridge_MAIN interface=ether7
    add bridge=bridge_MAIN interface=ether8
    /interface list member
    add interface=ether1-sumtel list=WAN
    add interface=ether2-r-line list=WAN
    /ip address
    add address=192.168.109.1/24 interface=bridge_MAIN network=192.168.109.0
    /ip dhcp-client
    add dhcp-options=hostname,clientid disabled=no interface=ether2-r-line
    add add-default-route=no disabled=no interface=ether1-sumtel
    /ip dhcp-server network
    add address=192.168.109.0/24 dns-server=192.168.109.1,8.8.4.4 gateway=\
    192.168.109.1
    /ip dns
    set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
    /ip firewall filter
    add action=drop chain=input connection-state=invalid,new in-interface-list=\
    WAN
    /ip firewall nat
    add action=dst-nat chain=dstnat comment=RDP dst-port=4550 protocol=tcp \
    to-addresses=192.168.109.100 to-ports=3389
    add action=dst-nat chain=dstnat dst-port=3081 protocol=tcp to-addresses=\
    192.168.109.195 to-ports=3081
    add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=\
    192.168.109.195 to-ports=8080
    add action=dst-nat chain=dstnat comment="Trassir \E4\EE\F1\F2\F3\EF\FB" \
    dst-port=3080 protocol=tcp to-addresses=192.168.109.195 to-ports=3080
    add action=dst-nat chain=dstnat dst-port=555 protocol=tcp to-addresses=\
    192.168.109.195 to-ports=555
    add action=dst-nat chain=dstnat comment="WWW 1C" dst-port=180 in-interface=\
    ether2-r-line protocol=tcp to-addresses=192.168.109.100 to-ports=180
    add action=masquerade chain=srcnat comment=sumtel out-interface=ether1-sumtel
    add action=masquerade chain=srcnat comment=rline out-interface=ether2-r-line
    /ip firewall service-port
    set sip disabled=yes
    /ip route
    add check-gateway=ping comment=rline distance=1 gateway=10.143.20.1 \
    routing-mark=rline
    add check-gateway=ping comment=sumtel distance=2 gateway=10.5.112.1 \
    routing-mark=sumtel
    add check-gateway=ping comment="over sumtel" distance=2 gateway=77.8.8.7 \
    routing-mark=sumtel scope=10
    add check-gateway=ping comment="over rline" distance=1 gateway=ether2-r-line
    add comment=sumtelcity distance=1 dst-address=10.5.0.0/16 gateway=10.5.112.1
    add check-gateway=ping distance=2 dst-address=77.8.8.7/32 gateway=10.5.112.1 \
    scope=10
    add check-gateway=ping distance=1 dst-address=77.8.8.8/32 gateway=\
    ether2-r-line scope=10
    /system clock
    set time-zone-name=Europe/Moscow
    /system identity
    set name=скрыт
    /tool netwatch
    add disabled=yes down-script="/ip route disable [find comment=\"rline\"]\r\
    \n/tool fetch url=\94https://api.telegram.org/botскрыт" host=8.8.8.8 \
    up-script="/ip route enable [find comment=\"rline\"]\r\
    \n/tool fetch url=\94https://api.telegram.org/botскрыт"
    Написано

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    Конфиг В:
    spoiler
    # oct/04/2019 13:24:57 by RouterOS 6.42.7
    # software id = скрыт
    #
    # model = CRS125-24G-1S
    # serial number = HIDDEN
    /interface bridge
    add fast-forward=no name=bridge_local
    /interface ethernet
    set [ find default-name=ether1 ] comment=sumtel name=WAN
    set [ find default-name=ether2 ] arp=proxy-arp comment=Rline name=\
    ether2-rline
    /interface list
    add exclude=dynamic name=discover
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity="B"
    /ip ipsec proposal
    set [ find default=yes ] enc-algorithms=aes-128-cbc
    /ip pool
    add name=default-dhcp ranges=192.168.103.150-192.168.103.254
    /ip dhcp-server
    add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
    interface=bridge_local name=default
    /snmp community
    set [ find default=yes ] addresses=0.0.0.0/0
    /system logging action
    set 1 disk-file-name=log
    add name=WebProxyLog remote=192.168.103.104 target=remote
    /interface bridge port
    add bridge=bridge_local hw=no interface=ether3
    add bridge=bridge_local hw=no interface=ether4
    add bridge=bridge_local hw=no interface=ether5
    add bridge=bridge_local hw=no interface=ether6
    add bridge=bridge_local hw=no interface=ether7
    add bridge=bridge_local hw=no interface=ether8
    add bridge=bridge_local hw=no interface=ether9
    add bridge=bridge_local hw=no interface=ether10
    add bridge=bridge_local hw=no interface=ether11
    add bridge=bridge_local hw=no interface=ether12
    add bridge=bridge_local hw=no interface=ether13
    add bridge=bridge_local hw=no interface=ether14
    add bridge=bridge_local hw=no interface=ether16
    add bridge=bridge_local hw=no interface=ether17
    add bridge=bridge_local hw=no interface=ether18
    add bridge=bridge_local hw=no interface=ether19
    add bridge=bridge_local hw=no interface=ether20
    /ip neighbor discovery-settings
    set discover-interface-list=discover
    /interface list member
    add interface=ether2-rline list=discover
    add interface=ether3 list=discover
    add interface=ether4 list=discover
    add interface=ether5 list=discover
    add interface=ether6 list=discover
    add interface=ether7 list=discover
    add interface=ether8 list=discover
    add interface=ether9 list=discover
    add interface=ether10 list=discover
    add interface=ether11 list=discover
    add interface=ether12 list=discover
    add interface=ether13 list=discover
    add interface=ether14 list=discover
    add interface=ether15 list=discover
    add interface=ether16 list=discover
    add interface=ether17 list=discover
    add interface=ether18 list=discover
    add interface=ether19 list=discover
    add interface=ether20 list=discover
    add interface=ether21 list=discover
    add interface=ether22 list=discover
    add interface=ether23 list=discover
    add interface=ether24 list=discover
    add interface=sfp1 list=discover
    add interface=bridge_local list=discover
    add list=discover
    /ip address
    add address=192.168.103.1/24 interface=bridge_local network=192.168.103.0
    /ip dhcp-client
    add add-default-route=no comment=Summa dhcp-options=hostname,clientid \
    disabled=no interface=WAN
    add comment=r-line dhcp-options=hostname,clientid disabled=no interface=\
    ether2-rline
    /ip dhcp-server network
    add address=192.168.103.0/24 comment="default configuration" dns-server=\
    192.168.103.1 gateway=192.168.103.1 netmask=24
    /ip dns
    set allow-remote-requests=yes servers=8.8.8.8,4.2.2.4
    /ip dns static
    add address=192.168.88.1 name=router
    /ip firewall filter
    add action=accept chain=input comment=Established_Related_Accept \
    connection-state=established,related
    add action=accept chain=forward connection-state=established,related
    add action=drop chain=input comment=invalid_drop connection-state=invalid
    add action=drop chain=forward connection-state=invalid
    add action=accept chain=forward comment=WinBox dst-port=8291 in-interface=WAN \
    protocol=tcp
    add action=accept chain=input comment=ICMP protocol=icmp
    add action=accept chain=forward comment="defaul configuration" \
    connection-state=established,related
    /ip firewall mangle
    add action=mark-connection chain=input disabled=yes in-interface=WAN \
    new-connection-mark=cin_ISP1 passthrough=yes
    add action=mark-connection chain=input disabled=yes in-interface=*1C \
    new-connection-mark=cin_ISP2 passthrough=yes
    add action=mark-routing chain=output connection-mark=cin_ISP1 disabled=yes \
    new-routing-mark=rout_ISP1 passthrough=no
    add action=mark-routing chain=output connection-mark=cin_ISP2 disabled=yes \
    new-routing-mark=rout_ISP2 passthrough=no
    /ip firewall nat
    add action=masquerade chain=srcnat comment=SumTelInet out-interface=WAN
    add action=masquerade chain=srcnat comment=RlineInet out-interface=\
    ether2-rline
    add action=dst-nat chain=dstnat comment=\
    "TRASSIR \E4\EE\F1\F2\F3\EF\FB \E8\E7 \E2\ED\E5" dst-port=3080 protocol=\
    tcp to-addresses=192.168.103.241 to-ports=3080
    add action=dst-nat chain=dstnat dst-port=3081 protocol=tcp to-addresses=\
    192.168.103.241 to-ports=3081
    add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=\
    192.168.103.241 to-ports=8080
    add action=dst-nat chain=dstnat dst-port=5432 protocol=tcp to-addresses=\
    192.168.103.241 to-ports=5432
    add action=dst-nat chain=dstnat dst-port=554 protocol=tcp to-addresses=\
    192.168.103.241 to-ports=554
    add action=dst-nat chain=dstnat dst-port=555 protocol=tcp to-addresses=\
    192.168.103.241 to-ports=555
    add action=dst-nat chain=dstnat comment="RDP \E8\E7 \E7\E0 NAT" dst-port=4550 \
    protocol=tcp to-addresses=192.168.103.104 to-ports=3389
    add action=dst-nat chain=dstnat comment="WWW 1C" dst-port=180 in-interface=\
    WAN protocol=tcp to-addresses=192.168.103.104 to-ports=180
    /ip proxy
    set anonymous=yes cache-on-disk=yes
    /ip proxy access
    add action=deny
    /ip route
    add check-gateway=ping comment=MarkRouteRline distance=2 gateway=10.139.119.1 \
    routing-mark=route_ISP2
    add check-gateway=ping comment=MarkRouteSumtel distance=1 gateway=10.5.96.1 \
    routing-mark=route_ISP1
    add check-gateway=ping comment=OverSumma distance=1 gateway=77.88.8.7
    add check-gateway=ping comment=OverRline distance=2 gateway=ether2-rline
    add comment=SumTel_City distance=1 dst-address=10.5.0.0/16 gateway=10.5.96.1
    add distance=1 dst-address=77.88.8.3/32 gateway=ether2-rline scope=10
    add distance=1 dst-address=77.88.8.7/32 gateway=10.5.96.1 scope=10
    /ip service
    set telnet disabled=yes
    set www disabled=yes
    set ssh address="внешний ip" disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /ip socks
    set port=41628
    /lcd
    set time-interval=hour
    /snmp
    set enabled=yes
    /system clock
    set time-zone-name=Europe/Moscow
    /system identity
    set name="B"
    /system logging
    add action=WebProxyLog prefix=proxy topics=web-proxy
    add action=WebProxyLog topics=!debug
    add topics=l2tp
    /system ntp client
    set enabled=yes primary-ntp= "скрыто" secondary-ntp= "скрыто"
    /system routerboard settings
    set auto-upgrade=yes boot-device=nand-only silent-boot=yes
    /tool netwatch
    add comment=RenewDHCPclient down-script="/ip dhcp-client renew numbers=0" \
    host=8.8.8.8 interval=30s timeout=3s
    add comment=RenewDHCPclient down-script="/ip dhcp-client renew numbers=0" \
    host=8.8.4.4 interval=30s timeout=30s
    add comment=RenewDHCPclient down-script="/ip dhcp-client renew numbers=0" \
    host=8.8.4.4 timeout=5m
    /tool romon port
    add
    Написано

  • Три одинаковых Mikrotik, двое ходят в интернет по резервному каналу, третий - нет?

    @mchokhsky Автор вопроса
    Не знал, как уместить в ограничения кол-ва символов, поэтому прикладываю комментом.

    Конфиг А:
    spoiler
    # oct/04/2019 11:04:02 by RouterOS 6.42.7
    # software id = 5BSP-Y4JC
    #
    # model = CRS125-24G-1S
    # serial number = скрыт
    /interface bridge
    add fast-forward=no name=bridge-local protocol-mode=none
    /interface ethernet
    set [ find default-name=ether1 ] comment=SumTel name=WAN
    set [ find default-name=ether2 ] comment=Rline name=ether2-rline
    /interface list
    add exclude=dynamic name=discover
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity="A"
    /ip ipsec proposal
    set [ find default=yes ] enc-algorithms=aes-128-cbc
    /ip pool
    add name=dhcp_pool1 ranges=192.168.104.150-192.168.104.254
    /ip dhcp-server
    add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface=bridge-local lease-time=8h name=dhcp1
    /snmp community
    set [ find default=yes ] addresses=0.0.0.0/0
    /system logging action
    set 1 disk-file-name=log
    /interface bridge port
    add bridge=bridge-local hw=no interface=ether9
    add bridge=bridge-local hw=no interface=ether10
    add bridge=bridge-local hw=no interface=ether12
    add bridge=bridge-local hw=no interface=ether11
    add bridge=bridge-local hw=no interface=ether13
    add bridge=bridge-local hw=no interface=ether14
    add bridge=bridge-local hw=no interface=ether15
    add bridge=bridge-local hw=no interface=ether16
    add bridge=bridge-local hw=no interface=ether17
    add bridge=bridge-local hw=no interface=ether18
    add bridge=bridge-local hw=no interface=ether19
    add bridge=bridge-local hw=no interface=ether20
    add bridge=bridge-local hw=no interface=ether21
    add bridge=bridge-local hw=no interface=ether22
    add bridge=bridge-local hw=no interface=ether23
    add bridge=bridge-local hw=no interface=ether24
    add bridge=bridge-local hw=no interface=ether3
    add bridge=bridge-local hw=no interface=ether4
    add bridge=bridge-local hw=no interface=ether5
    add bridge=bridge-local hw=no interface=ether6
    add bridge=bridge-local hw=no interface=ether7
    add bridge=bridge-local hw=no interface=ether8
    /ip neighbor discovery-settings
    set discover-interface-list=discover
    /interface list member
    add interface=ether2-rline list=discover
    add interface=ether3 list=discover
    add interface=ether4 list=discover
    add interface=ether5 list=discover
    add interface=ether6 list=discover
    add interface=ether7 list=discover
    add interface=ether8 list=discover
    add interface=ether9 list=discover
    add interface=ether10 list=discover
    add interface=ether11 list=discover
    add interface=ether12 list=discover
    add interface=ether13 list=discover
    add interface=ether14 list=discover
    add interface=ether15 list=discover
    add interface=ether16 list=discover
    add interface=ether17 list=discover
    add interface=ether18 list=discover
    add interface=ether19 list=discover
    add interface=ether20 list=discover
    add interface=ether21 list=discover
    add interface=ether22 list=discover
    add interface=ether23 list=discover
    add interface=ether24 list=discover
    add interface=sfp1 list=discover
    add interface=bridge-local list=discover
    add list=discover
    add list=discover
    add list=discover
    /ip address
    add address=192.168.104.1/24 interface=bridge-local network=192.168.104.0
    /ip cloud
    set ddns-enabled=yes
    /ip dhcp-client
    add add-default-route=no comment="default configuration" dhcp-options=\
    hostname,clientid disabled=no interface=WAN
    add dhcp-options=hostname,clientid disabled=no interface=ether2-rline
    /ip dhcp-server network
    add address=192.168.104.0/24 comment="default configuration" dns-server=\
    192.168.104.1 gateway=192.168.104.1
    /ip dns
    set allow-remote-requests=yes
    /ip firewall filter
    add action=accept chain=input comment=Established_Related_Accept \
    connection-state=established,related
    add action=accept chain=forward connection-state=established,related
    add action=drop chain=input comment=Invalid_Drop connection-state=invalid
    add action=drop chain=forward connection-state=invalid
    add action=accept chain=input comment=Winbox dst-port=8291 in-interface=WAN \
    protocol=tcp
    add action=accept chain=input comment=ICMP protocol=icmp
    add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
    /ip firewall mangle
    add action=mark-connection chain=prerouting disabled=yes in-interface=WAN \
    new-connection-mark=cin_ISP1 passthrough=yes
    add action=mark-connection chain=prerouting disabled=yes in-interface=*1C \
    new-connection-mark=cin_ISP2 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=cin_ISP1 disabled=\
    yes new-routing-mark=route_ISP1 passthrough=yes src-address=\
    192.168.104.0/24
    add action=mark-routing chain=prerouting connection-mark=cin_ISP2 disabled=\
    yes new-routing-mark=route_ISP2 passthrough=yes src-address=\
    192.168.104.0/24
    add action=mark-routing chain=output connection-mark=cin_ISP1 disabled=yes \
    new-routing-mark=route_ISP1 passthrough=yes
    add action=mark-routing chain=output connection-mark=cin_ISP2 disabled=yes \
    new-routing-mark=route_ISP2 passthrough=yes
    /ip firewall nat
    add action=masquerade chain=srcnat comment=SummaInet out-interface=WAN
    add action=dst-nat chain=dstnat comment="Trassir \E4\EE\F1\F2\F3\EF\FB" \
    dst-port=3080 protocol=tcp to-addresses=192.168.104.105 to-ports=3080
    add action=dst-nat chain=dstnat dst-port=3081 protocol=tcp to-addresses=\
    192.168.104.105 to-ports=3081
    add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=\
    192.168.104.105 to-ports=8080
    add action=dst-nat chain=dstnat dst-port=5432 protocol=tcp to-addresses=\
    192.168.104.105 to-ports=5432
    add action=dst-nat chain=dstnat dst-port=554 protocol=tcp to-addresses=\
    192.168.104.105 to-ports=554
    add action=dst-nat chain=dstnat comment=\
    "\C4\EE\F1\F2\F3\EF \EF\EE RDP \EA \F1\E5\F0\E2\E5\EA 1\D1" dst-port=4550 \
    in-interface=WAN protocol=tcp to-addresses=192.168.104.100 to-ports=3389
    add action=dst-nat chain=dstnat comment=\
    "\CF\F0\EE\E1\F0\EE\F1 FTP \E4\EB\FF 1\D1" dst-port=21 in-interface=WAN \
    protocol=tcp to-addresses=192.168.104.100 to-ports=21
    add action=dst-nat chain=dstnat dst-port=555 protocol=tcp to-addresses=\
    192.168.104.105 to-ports=555
    add action=dst-nat chain=dstnat comment="WWW 1C" dst-port=180 in-interface=\
    WAN protocol=tcp to-addresses=192.168.104.100 to-ports=80
    add action=masquerade chain=srcnat comment=RLine out-interface=ether2-rline
    /ip proxy
    set anonymous=yes
    /ip proxy access
    add action=deny
    /ip route
    add check-gateway=ping comment=MarkRouteSumTel distance=1 gateway=10.5.152.1 \
    routing-mark=route_ISP1
    add check-gateway=ping comment=MarkRouteRline distance=2 gateway=10.131.45.1 \
    routing-mark=route_ISP2
    add check-gateway=ping comment=OverSumTel distance=1 gateway=77.88.8.7
    add check-gateway=ping comment=OverRline distance=2 gateway=ether2-rline
    add comment=SumTelCity distance=1 dst-address=10.5.0.0/16 gateway=10.5.152.1
    add distance=1 dst-address=77.88.8.3/32 gateway=ether2-rline scope=10
    add distance=1 dst-address=77.88.8.7/32 gateway=10.5.152.1 scope=10
    /ip service
    set telnet disabled=yes port=823
    set ftp disabled=yes port=821
    set www port=880
    set ssh disabled=yes port=822
    set api-ssl disabled=yes
    /ip socks
    set port=4153
    /lcd
    set time-interval=daily
    /snmp
    set enabled=yes
    /system clock
    set time-zone-name=Europe/Moscow
    /system identity
    set name="A"
    /system logging
    add topics=l2tp
    /system ntp client
    set enabled=yes primary-ntp=HIDDEN secondary-ntp=HIDDEN
    /system routerboard settings
    set auto-upgrade=yes silent-boot=yes
    /tool netwatch
    add comment=RenewDHCPclient down-script="/ip dhcp-client renew numbers=0" \
    host=8.8.8.8 interval=30s timeout=3s
    add comment=RenewDHCPclient down-script="/ip dhcp-client renew numbers=0" \
    host=8.8.4.4 interval=30s timeout=30s
    add comment=RenewDHCPclient down-script="/ip dhcp-client renew numbers=0" \
    host=8.8.4.4 timeout=5m
    /tool romon port
    add
    Написано