Требуется помощь.
Дано: два провайдера разведены прероутингом в failover, через днсы по гайдам в инете.
Есть основной бридж для основной локалки за которой пользовательская сеть.
В порт ether3 воткнут кабель от iLO (внутри забита статика со шлюзом 192.168.5.1).
Есть второй бридж для iLO во внешний мир через masquerade.
На втором бридже навешен Dhcp Server в ту же подсеть 192.168.5.0/24 с адресом на bridge-ilo 192.168.5.1.
Как итог:
[admin@MikroTik-CCC] > ping 192.168.5.88 interface=bridge-ilo
SEQ HOST SIZE TTL TIME STATUS
0 192.168.5.88 56 255 629us
1 192.168.5.88 56 255 608us
2 192.168.5.88 56 255 6ms72us
3 192.168.5.88 56 255 615us
4 192.168.5.88 56 255 550us
sent=5 received=5 packet-loss=0% min-rtt=550us avg-rtt=1ms694us
max-rtt=6ms72us
SEQ HOST SIZE TTL TIME STATUS
0 192.168.5.88 56 255 629us
1 192.168.5.88 56 255 608us
2 192.168.5.88 56 255 6ms72us
3 192.168.5.88 56 255 615us
4 192.168.5.88 56 255 550us
sent=5 received=5 packet-loss=0% min-rtt=550us avg-rtt=1ms694us
max-rtt=6ms72us
далее пробую телнет.
На заведомо нерабочие порты - telnet: connect() failed: Host is unreachable.
На те, что предполагаются рабочими, ситуация непонятная: телнет висит долго, потом отваливается по таймауту. Предполагаю, что работает, просто ничего не получил на вход.
Проблема. Пытаюсь пробросить извне dstnat на этот хост (который успешно пингуется с самого микротика) - соединение не устанавливается.
Предполагаю что возможно проблема в прероутинге, но как обойти, понимания нет.
Задача: прокинуть iLO через второй бридж в хост 192.168.5.88
Конфиг прикладываю ниже
Есть предположение, что на самом устройстве iLO выставлен другой шлюз, но в таком случае, я полагаю, не проходил бы ping.
# jan/26/2023 11:07:35 by RouterOS 7.7
# software id = X634-KDQ4
#
# model = RB2011UiAS
# serial number =
# Two bridges, both with proxy-ARP: bridge-ilo carries the iLO management
# segment, bridge-lan the user LAN.
# NOTE(review): with arp=proxy-arp the router answers ARP on behalf of other
# hosts; nothing visible in this export depends on it - confirm it is intended.
/interface bridge
add arp=proxy-arp name=bridge-ilo
add arp=proxy-arp name=bridge-lan
# Uplinks: ether1 = ISP1, ether2 = ISP2.
/interface ethernet
set [ find default-name=ether1 ] comment=ISP1
set [ find default-name=ether2 ] comment=ISP2
set [ find default-name=ether4 ] arp=proxy-arp
# Only the WAN list gets enabled members further down (ether1, ether2).
# LAN-list, ILO-list, WAN1-LIST, WAN2-LIST and WAN-ALL have no enabled members
# in this export, so a rule written against them would match nothing.
/interface list
add name=LAN-list
add name=WAN1-LIST
add name=ILO-list
add name=WAN2-LIST
add include=WAN1-LIST,WAN2-LIST name=WAN-ALL
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Three pools with the same range; only dhcp_pool2 is referenced (by dhcp1).
# The range also covers 192.168.5.88, the address the iLO uses statically.
/ip pool
add name=dhcp_pool0 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool1 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool2 ranges=192.168.5.2-192.168.5.254
# DHCP server for the iLO segment is bound to the bridge, not to ether3.
/ip dhcp-server
add address-pool=dhcp_pool2 interface=bridge-ilo name=dhcp1
/port
set 0 name=serial0
# Per-ISP routing tables used by the mangle routing marks.
/routing table
add disabled=no fib name=rtab-1
add disabled=no fib name=rtab-2
# Default SNMP community is limited to one monitoring source address.
# The community string itself is not shown in this export.
/snmp community
set [ find default=yes ] addresses=<Service-IP>/32
# Monitoring group: read, winbox and api only; every other policy is negated,
# so an account in this group cannot write, reboot or read sensitive values.
/user group
add name=prometheus policy="read,winbox,api,!local,!telnet,!ssh,!ftp,!reboot,!\
write,!policy,!test,!password,!web,!sniff,!sensitive,!romon,!rest-api"
# ether6 is a port of bridge-lan and ether3 a port of bridge-ilo.
/interface bridge port
add bridge=bridge-lan interface=ether6
add bridge=bridge-ilo interface=ether3
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# WAN = ether1 + ether2. Neither bridge belongs to any interface list.
/interface list member
add disabled=yes interface=ether4 list=LAN-list
add interface=ether1 list=WAN
add interface=ether2 list=WAN
# NOTE(review): md5 and sha1 are both accepted as OpenVPN auth digests. The
# export does not show the server as enabled; if it is ever enabled, md5
# should be removed from this list.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses.
# NOTE(review): ether6 and ether3 are bridge ports (see /interface bridge port),
# yet the LAN and iLO addresses are bound to the ports while the DHCP server and
# relay are bound to bridge-lan / bridge-ilo. RouterOS expects the L3 address on
# the bridge once a port is enslaved - verify.
# NOTE(review): the iLO address has no prefix length and is exported with
# network=192.168.5.0, i.e. as a host address. That likely leaves no connected
# route for 192.168.5.0/24 (the static route for that subnet under /ip route is
# disabled), so forwarded dst-nat traffic to 192.168.5.88 would follow a default
# route to an ISP instead of leaving through the iLO segment. A ping forced with
# interface=bridge-ilo bypasses that lookup, and a ping sourced from the router
# is on-link, so neither proves the forwarded path or the iLO's gateway setting.
/ip address
add address=192.168.1.254/24 comment=LAN-POOL interface=ether6 network=\
192.168.1.0
add address=<ISP-IP-1>/24 comment=IC-IP interface=ether1 network=\
195.98.73.0
add address=<ISP-IP-2>/24 comment=DOM.RU-IP interface=ether2 network=\
188.235.7.0
add address=192.168.5.1 comment=ILO-pool interface=ether3 network=192.168.5.0
# LAN clients get DHCP from 192.168.1.1 through a relay on bridge-lan.
/ip dhcp-relay
add dhcp-server=192.168.1.1 disabled=no interface=bridge-lan name=relay1
# Reservation of 192.168.5.88 for the iLO MAC address.
/ip dhcp-server lease
add address=192.168.5.88 mac-address=94:57:A5:8E:9C:BE
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1
# Upstream resolver plus two static name entries.
/ip dns
set servers=195.98.64.65
/ip dns static
add address=195.98.64.65 name=IC-DNS1
add address=8.8.8.8 name=GoogleDNS
# LOCAL_LAN is the source set for outbound masquerade; WAN_IPs holds both
# public addresses and is matched by the Zabbix and iLO dst-nat rules.
/ip firewall address-list
add address=192.168.1.0/24 list=LOCAL_LAN
add address=<ISP-IP-2> list=WAN_IPs
add address=<ISP-IP-1> list=WAN_IPs
# Filter rules are evaluated top to bottom; the first match decides.
# NOTE(review): neither chain ends in an enabled drop. The input "Drop All
# Other" rule at the bottom is disabled and forward has no default drop at all,
# so anything not matched earlier is accepted. The source restrictions on the
# WinBox and prometheus rules therefore restrict nothing at the moment.
/ip firewall filter
# NOTE(review): accepts TCP/1978 addressed to the router itself from any
# source. The dst-nat rules for 1978 rewrite the destination before filtering,
# so forwarded RDP is judged in the forward chain - this rule looks redundant.
add action=accept chain=input comment=RDP dst-port=1978 protocol=tcp
add action=accept chain=input comment="Related Established Untracked Allow" \
connection-state=established,related,untracked
# Disabled. With forward accepting by default it would not change the outcome.
add action=accept chain=forward disabled=yes src-address=192.168.5.0/24
add action=accept chain=input comment="ICMP from ALL" protocol=icmp
add action=accept chain=forward comment=\
"Established, Related, Untracked allow" connection-state=\
established,related,untracked
# Management and monitoring access limited to single source addresses.
add action=accept chain=input comment="WinBox Wan Administration" dst-port=\
8291 protocol=tcp src-address=<admin-IP>
add action=accept chain=input comment=prometheus dst-port=8728 protocol=tcp \
src-address=<Service-IP>
# The only drop in forward. New connections from WAN that were not dst-nat'ed
# are not dropped; the usual guard is a final forward rule such as
# connection-state=new connection-nat-state=!dstnat in-interface-list=WAN.
add action=drop chain=forward comment="Invalid drop" connection-state=invalid
# Detection rules: WAN sources that match the port-scan heuristic or an
# abnormal TCP flag combination are added to "Hacker Scanners" for 4w2d.
# NOTE(review): no rule in this export drops or otherwise uses that list;
# only "Honeypot Hacker" is acted on (in /ip firewall raw).
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="Port Scanners" \
in-interface-list=WAN protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="NMAP FIN Stealth scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="SYN/FIN scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="SYN/RST scan" \
in-interface-list=WAN protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="FIN/PSH/URG scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="ALL/ALL scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="NMAP NULL scan" \
in-interface-list=WAN protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
# Honeypot: one new TCP connection from WAN to 22, 3389, 8291, 25 or 21 lists
# the source for 4w2d, and the raw table then drops everything from it.
# The admin address reaches the WinBox accept rule above before this one.
# NOTE(review): a single SYN is enough and its source can be forged, so the
# admin and monitoring addresses should be exempted ahead of the raw drop to
# avoid a self-inflicted lockout.
add action=add-src-to-address-list address-list="Honeypot Hacker" \
address-list-timeout=4w2d chain=input comment=\
"block honeypot ssh rdp winbox" connection-state=new dst-port=\
22,3389,8291,25,21 in-interface-list=WAN protocol=tcp
# Disabled default drop. No log= is set, so log-prefix would have no effect
# even when enabled - confirm.
add action=drop chain=input comment="Drop All Other" disabled=yes \
in-interface-list=WAN log-prefix=DEF_DROP
# Policy routing for the two uplinks.
# 1) Unmarked connections arriving on ether1 / ether2 get a connection mark
#    naming the ISP they came in through.
# 2) Packets of those connections that enter from a non-WAN interface (the
#    replies of an internal host) get the matching routing mark, so they are
#    looked up in rtab-1 / rtab-2.
# 3) The output chain does the same for replies generated by the router.
# Replies from 192.168.5.88 to a dst-nat'ed connection enter on a non-WAN
# interface and are covered by step 2.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark IC-VRN" \
connection-mark=no-mark in-interface=ether1 new-connection-mark=con-isp1 \
passthrough=yes
add action=mark-connection chain=prerouting comment="Mark DOM.RU" \
connection-mark=no-mark in-interface=ether2 new-connection-mark=con-isp2 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con-isp1 \
in-interface-list=!WAN new-routing-mark=rtab-1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con-isp2 \
in-interface-list=!WAN new-routing-mark=rtab-2 passthrough=yes
add action=mark-routing chain=output connection-mark=con-isp1 \
new-routing-mark=rtab-1 passthrough=yes
add action=mark-routing chain=output connection-mark=con-isp2 \
new-routing-mark=rtab-2 passthrough=yes
/ip firewall nat
# Outbound source NAT for LOCAL_LAN (192.168.1.0/24) only.
# NOTE(review): to-addresses on a masquerade rule is presumably ignored, since
# masquerade takes the address of the outgoing interface - confirm.
add action=masquerade chain=srcnat comment=Masqurade2IC out-interface-list=\
WAN src-address-list=LOCAL_LAN to-addresses=<ISP-IP-1>
# Both source-NAT rules for the iLO subnet are disabled, so 192.168.5.0/24 has
# no outbound NAT. That does not affect an inbound port forward: replies to a
# dst-nat'ed connection are translated back by connection tracking.
add action=masquerade chain=srcnat comment=Masqurade-iLO disabled=yes log=yes \
log-prefix=ilokask out-interface-list=WAN src-address=192.168.5.0/24 \
to-addresses=<ISP-IP-1>
add action=masquerade chain=srcnat comment=Masqurade2IC disabled=yes \
out-interface-list=WAN src-address=192.168.5.0/24 to-addresses=\
<ISP-IP-1>
# Port forwards to 192.168.1.5.
# NOTE(review): none of these rules limits the source address, so RDP (public
# port 1978) and the Zabbix agent port are reachable from any internet host.
# A src-address-list of known peers, or access over a VPN, would narrow that.
add action=dst-nat chain=dstnat comment=RDP-IC dst-address=<ISP-IP-1> \
dst-port=1978 in-interface=ether1 protocol=tcp to-addresses=192.168.1.5 \
to-ports=3389
add action=netmap chain=dstnat comment=SE-IC dst-port=6666 in-interface-list=\
WAN protocol=tcp to-addresses=192.168.1.5 to-ports=5555
add action=dst-nat chain=dstnat comment=RDP-DOM.RU dst-address=<ISP-IP-2> \
dst-port=1978 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.5 \
to-ports=3389
add action=dst-nat chain=dstnat comment=TEMP disabled=yes dst-address=\
<ISP-IP-2> dst-port=1978 in-interface-list=WAN protocol=tcp \
to-addresses=192.168.5.253 to-ports=3389
# Three public ports (10050, 12050, 12051) all map to 192.168.1.5:10050 even
# though the comments name three different hosts - verify the targets.
add action=dst-nat chain=dstnat comment="Zabbix HP-MAINFRANE" \
dst-address-list=WAN_IPs dst-port=10050 in-interface-list=WAN protocol=\
tcp to-addresses=192.168.1.5 to-ports=10050
add action=dst-nat chain=dstnat comment="Zabbix CCC-1c" dst-address-list=\
WAN_IPs dst-port=12050 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.1.5 to-ports=10050
add action=dst-nat chain=dstnat comment="Zabbix CCC-DC" dst-address-list=\
WAN_IPs dst-port=12051 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.1.5 to-ports=10050
# iLO rules; both still carry the copied comment "Zabbix CCC-DC".
# The disabled rule uses action=accept, which performs no translation, so its
# to-addresses / to-ports would have no effect even if it were enabled.
add action=accept chain=dstnat comment="Zabbix CCC-DC" disabled=yes \
dst-address-list=WAN_IPs dst-port=44434 in-interface-list=WAN log=yes \
log-prefix=iLO protocol=tcp to-addresses=192.168.5.88 to-ports=80
# Active rule: public port 44434 -> 192.168.5.88:443.
# NOTE(review): unlike the rules above it has no in-interface-list, and it has
# no source restriction, so the server's out-of-band management interface is
# published to every internet source. Restrict it to the admin address (or
# reach iLO over a VPN) and add in-interface-list=WAN.
add action=dst-nat chain=dstnat comment="Zabbix CCC-DC" dst-address-list=\
WAN_IPs dst-port=44434 log=yes log-prefix=iLO2 protocol=tcp to-addresses=\
192.168.5.88 to-ports=443
# Everything arriving on WAN from a "Honeypot Hacker" source is dropped before
# connection tracking. The "Hacker Scanners" list is not referenced here.
/ip firewall raw
add action=drop chain=prerouting in-interface-list=WAN src-address-list=\
"Honeypot Hacker"
/ip route
# Last-resort defaults straight to each ISP gateway (distance 251 / 252).
add distance=251 gateway=<Gateway-ISP-1>
add distance=252 gateway=<Gateway-ISP-2>
# Per-ISP tables used by the routing marks. Each table gets its default twice
# (here and in the rules commented 11 / 22 below).
add gateway=<Gateway-ISP-1> routing-table=rtab-1
add gateway=<Gateway-ISP-2> routing-table=rtab-2
add disabled=no dst-address=192.168.1.0/24 gateway=192.168.1.1 routing-table=\
main suppress-hw-offload=no
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=195.98.71.1 \
pref-src="" routing-table=rtab-1 scope=30 suppress-hw-offload=no \
target-scope=10
add check-gateway=ping disabled=yes distance=10 dst-address=0.0.0.0/0 \
gateway=77.88.8.1 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=11
add comment=11 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
<Gateway-ISP-1> pref-src="" routing-table=rtab-1 scope=30 \
suppress-hw-offload=no target-scope=10
add comment=22 gateway=<Gateway-ISP-2> routing-table=rtab-2
# Failover probes: 77.88.8.1 is pinned to ISP1 and 77.88.8.2 to ISP2 with
# host routes (33 / 44); the main-table defaults (55 / 66) point at those
# hosts with check-gateway=ping, distance 10 for ISP1 and 20 for ISP2.
add comment=33 disabled=no distance=1 dst-address=77.88.8.1/32 gateway=\
<Gateway-ISP-1> pref-src="" routing-table=main scope=11 suppress-hw-offload=\
no target-scope=10
add comment=44 disabled=no distance=1 dst-address=77.88.8.2/32 gateway=\
<Gateway-ISP-2> pref-src="" routing-table=main scope=11 suppress-hw-offload=\
no target-scope=10
add check-gateway=ping comment=55 distance=10 gateway=77.88.8.1 target-scope=\
11
add check-gateway=ping comment=66 distance=20 gateway=77.88.8.2 target-scope=\
11
# Disabled route for the iLO subnet via the router's own address.
# NOTE(review): no enabled route for 192.168.5.0/24 is visible in this export.
# The subnet route normally comes from the interface address carrying a /24
# prefix rather than from a static route through 192.168.5.1 - verify.
add comment=asdasdasd disabled=yes distance=1 dst-address=192.168.5.0/24 \
gateway=192.168.5.1 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
# telnet, ftp, www and api-ssl are switched off.
# NOTE(review): ssh, winbox, api and www-ssl are not listed, so they are
# presumably at their defaults, and no address= restriction is set on any
# service. With the input drop rule disabled, the firewall does not limit who
# can reach them from WAN. api-ssl is off while the prometheus rule uses the
# plaintext API port 8728; if <Service-IP> is reached over the internet, that
# login crosses it unencrypted - confirm.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
# SNMP enabled with version 2 traps sent to the monitoring host.
/snmp
set enabled=yes trap-generators=interfaces trap-target=<Service-IP> \
trap-version=2
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=MikroTik-CCC
# Time sync; accurate clocks keep firewall logs and address-list timeouts
# comparable with other sources.
/system ntp client
set enabled=yes
/system ntp client servers
add address=91.206.16.3
add address=195.91.239.8
# software id = X634-KDQ4
#
# model = RB2011UiAS
# serial number =
# Two bridges, both with proxy-ARP: bridge-ilo carries the iLO management
# segment, bridge-lan the user LAN.
# NOTE(review): with arp=proxy-arp the router answers ARP on behalf of other
# hosts; nothing visible in this export depends on it - confirm it is intended.
/interface bridge
add arp=proxy-arp name=bridge-ilo
add arp=proxy-arp name=bridge-lan
# Uplinks: ether1 = ISP1, ether2 = ISP2.
/interface ethernet
set [ find default-name=ether1 ] comment=ISP1
set [ find default-name=ether2 ] comment=ISP2
set [ find default-name=ether4 ] arp=proxy-arp
# Only the WAN list gets enabled members further down (ether1, ether2).
# LAN-list, ILO-list, WAN1-LIST, WAN2-LIST and WAN-ALL have no enabled members
# in this export, so a rule written against them would match nothing.
/interface list
add name=LAN-list
add name=WAN1-LIST
add name=ILO-list
add name=WAN2-LIST
add include=WAN1-LIST,WAN2-LIST name=WAN-ALL
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Three pools with the same range; only dhcp_pool2 is referenced (by dhcp1).
# The range also covers 192.168.5.88, the address the iLO uses statically.
/ip pool
add name=dhcp_pool0 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool1 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool2 ranges=192.168.5.2-192.168.5.254
# DHCP server for the iLO segment is bound to the bridge, not to ether3.
/ip dhcp-server
add address-pool=dhcp_pool2 interface=bridge-ilo name=dhcp1
/port
set 0 name=serial0
# Per-ISP routing tables used by the mangle routing marks.
/routing table
add disabled=no fib name=rtab-1
add disabled=no fib name=rtab-2
# Default SNMP community is limited to one monitoring source address.
# The community string itself is not shown in this export.
/snmp community
set [ find default=yes ] addresses=<Service-IP>/32
# Monitoring group: read, winbox and api only; every other policy is negated,
# so an account in this group cannot write, reboot or read sensitive values.
/user group
add name=prometheus policy="read,winbox,api,!local,!telnet,!ssh,!ftp,!reboot,!\
write,!policy,!test,!password,!web,!sniff,!sensitive,!romon,!rest-api"
# ether6 is a port of bridge-lan and ether3 a port of bridge-ilo.
/interface bridge port
add bridge=bridge-lan interface=ether6
add bridge=bridge-ilo interface=ether3
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# WAN = ether1 + ether2. Neither bridge belongs to any interface list.
/interface list member
add disabled=yes interface=ether4 list=LAN-list
add interface=ether1 list=WAN
add interface=ether2 list=WAN
# NOTE(review): md5 and sha1 are both accepted as OpenVPN auth digests. The
# export does not show the server as enabled; if it is ever enabled, md5
# should be removed from this list.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses.
# NOTE(review): ether6 and ether3 are bridge ports (see /interface bridge port),
# yet the LAN and iLO addresses are bound to the ports while the DHCP server and
# relay are bound to bridge-lan / bridge-ilo. RouterOS expects the L3 address on
# the bridge once a port is enslaved - verify.
# NOTE(review): the iLO address has no prefix length and is exported with
# network=192.168.5.0, i.e. as a host address. That likely leaves no connected
# route for 192.168.5.0/24 (the static route for that subnet under /ip route is
# disabled), so forwarded dst-nat traffic to 192.168.5.88 would follow a default
# route to an ISP instead of leaving through the iLO segment. A ping forced with
# interface=bridge-ilo bypasses that lookup, and a ping sourced from the router
# is on-link, so neither proves the forwarded path or the iLO's gateway setting.
/ip address
add address=192.168.1.254/24 comment=LAN-POOL interface=ether6 network=\
192.168.1.0
add address=<ISP-IP-1>/24 comment=IC-IP interface=ether1 network=\
195.98.73.0
add address=<ISP-IP-2>/24 comment=DOM.RU-IP interface=ether2 network=\
188.235.7.0
add address=192.168.5.1 comment=ILO-pool interface=ether3 network=192.168.5.0
# LAN clients get DHCP from 192.168.1.1 through a relay on bridge-lan.
/ip dhcp-relay
add dhcp-server=192.168.1.1 disabled=no interface=bridge-lan name=relay1
# Reservation of 192.168.5.88 for the iLO MAC address.
/ip dhcp-server lease
add address=192.168.5.88 mac-address=94:57:A5:8E:9C:BE
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1
# Upstream resolver plus two static name entries.
/ip dns
set servers=195.98.64.65
/ip dns static
add address=195.98.64.65 name=IC-DNS1
add address=8.8.8.8 name=GoogleDNS
# LOCAL_LAN is the source set for outbound masquerade; WAN_IPs holds both
# public addresses and is matched by the Zabbix and iLO dst-nat rules.
/ip firewall address-list
add address=192.168.1.0/24 list=LOCAL_LAN
add address=<ISP-IP-2> list=WAN_IPs
add address=<ISP-IP-1> list=WAN_IPs
# Filter rules are evaluated top to bottom; the first match decides.
# NOTE(review): neither chain ends in an enabled drop. The input "Drop All
# Other" rule at the bottom is disabled and forward has no default drop at all,
# so anything not matched earlier is accepted. The source restrictions on the
# WinBox and prometheus rules therefore restrict nothing at the moment.
/ip firewall filter
# NOTE(review): accepts TCP/1978 addressed to the router itself from any
# source. The dst-nat rules for 1978 rewrite the destination before filtering,
# so forwarded RDP is judged in the forward chain - this rule looks redundant.
add action=accept chain=input comment=RDP dst-port=1978 protocol=tcp
add action=accept chain=input comment="Related Established Untracked Allow" \
connection-state=established,related,untracked
# Disabled. With forward accepting by default it would not change the outcome.
add action=accept chain=forward disabled=yes src-address=192.168.5.0/24
add action=accept chain=input comment="ICMP from ALL" protocol=icmp
add action=accept chain=forward comment=\
"Established, Related, Untracked allow" connection-state=\
established,related,untracked
# Management and monitoring access limited to single source addresses.
add action=accept chain=input comment="WinBox Wan Administration" dst-port=\
8291 protocol=tcp src-address=<admin-IP>
add action=accept chain=input comment=prometheus dst-port=8728 protocol=tcp \
src-address=<Service-IP>
# The only drop in forward. New connections from WAN that were not dst-nat'ed
# are not dropped; the usual guard is a final forward rule such as
# connection-state=new connection-nat-state=!dstnat in-interface-list=WAN.
add action=drop chain=forward comment="Invalid drop" connection-state=invalid
# Detection rules: WAN sources that match the port-scan heuristic or an
# abnormal TCP flag combination are added to "Hacker Scanners" for 4w2d.
# NOTE(review): no rule in this export drops or otherwise uses that list;
# only "Honeypot Hacker" is acted on (in /ip firewall raw).
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="Port Scanners" \
in-interface-list=WAN protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="NMAP FIN Stealth scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="SYN/FIN scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="SYN/RST scan" \
in-interface-list=WAN protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="FIN/PSH/URG scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="ALL/ALL scan" \
in-interface-list=WAN protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="Hacker Scanners" \
address-list-timeout=4w2d chain=input comment="NMAP NULL scan" \
in-interface-list=WAN protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
# Honeypot: one new TCP connection from WAN to 22, 3389, 8291, 25 or 21 lists
# the source for 4w2d, and the raw table then drops everything from it.
# The admin address reaches the WinBox accept rule above before this one.
# NOTE(review): a single SYN is enough and its source can be forged, so the
# admin and monitoring addresses should be exempted ahead of the raw drop to
# avoid a self-inflicted lockout.
add action=add-src-to-address-list address-list="Honeypot Hacker" \
address-list-timeout=4w2d chain=input comment=\
"block honeypot ssh rdp winbox" connection-state=new dst-port=\
22,3389,8291,25,21 in-interface-list=WAN protocol=tcp
# Disabled default drop. No log= is set, so log-prefix would have no effect
# even when enabled - confirm.
add action=drop chain=input comment="Drop All Other" disabled=yes \
in-interface-list=WAN log-prefix=DEF_DROP
# Policy routing for the two uplinks.
# 1) Unmarked connections arriving on ether1 / ether2 get a connection mark
#    naming the ISP they came in through.
# 2) Packets of those connections that enter from a non-WAN interface (the
#    replies of an internal host) get the matching routing mark, so they are
#    looked up in rtab-1 / rtab-2.
# 3) The output chain does the same for replies generated by the router.
# Replies from 192.168.5.88 to a dst-nat'ed connection enter on a non-WAN
# interface and are covered by step 2.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark IC-VRN" \
connection-mark=no-mark in-interface=ether1 new-connection-mark=con-isp1 \
passthrough=yes
add action=mark-connection chain=prerouting comment="Mark DOM.RU" \
connection-mark=no-mark in-interface=ether2 new-connection-mark=con-isp2 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con-isp1 \
in-interface-list=!WAN new-routing-mark=rtab-1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con-isp2 \
in-interface-list=!WAN new-routing-mark=rtab-2 passthrough=yes
add action=mark-routing chain=output connection-mark=con-isp1 \
new-routing-mark=rtab-1 passthrough=yes
add action=mark-routing chain=output connection-mark=con-isp2 \
new-routing-mark=rtab-2 passthrough=yes
/ip firewall nat
# Outbound source NAT for LOCAL_LAN (192.168.1.0/24) only.
# NOTE(review): to-addresses on a masquerade rule is presumably ignored, since
# masquerade takes the address of the outgoing interface - confirm.
add action=masquerade chain=srcnat comment=Masqurade2IC out-interface-list=\
WAN src-address-list=LOCAL_LAN to-addresses=<ISP-IP-1>
# Both source-NAT rules for the iLO subnet are disabled, so 192.168.5.0/24 has
# no outbound NAT. That does not affect an inbound port forward: replies to a
# dst-nat'ed connection are translated back by connection tracking.
add action=masquerade chain=srcnat comment=Masqurade-iLO disabled=yes log=yes \
log-prefix=ilokask out-interface-list=WAN src-address=192.168.5.0/24 \
to-addresses=<ISP-IP-1>
add action=masquerade chain=srcnat comment=Masqurade2IC disabled=yes \
out-interface-list=WAN src-address=192.168.5.0/24 to-addresses=\
<ISP-IP-1>
# Port forwards to 192.168.1.5.
# NOTE(review): none of these rules limits the source address, so RDP (public
# port 1978) and the Zabbix agent port are reachable from any internet host.
# A src-address-list of known peers, or access over a VPN, would narrow that.
add action=dst-nat chain=dstnat comment=RDP-IC dst-address=<ISP-IP-1> \
dst-port=1978 in-interface=ether1 protocol=tcp to-addresses=192.168.1.5 \
to-ports=3389
add action=netmap chain=dstnat comment=SE-IC dst-port=6666 in-interface-list=\
WAN protocol=tcp to-addresses=192.168.1.5 to-ports=5555
add action=dst-nat chain=dstnat comment=RDP-DOM.RU dst-address=<ISP-IP-2> \
dst-port=1978 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.5 \
to-ports=3389
add action=dst-nat chain=dstnat comment=TEMP disabled=yes dst-address=\
<ISP-IP-2> dst-port=1978 in-interface-list=WAN protocol=tcp \
to-addresses=192.168.5.253 to-ports=3389
# Three public ports (10050, 12050, 12051) all map to 192.168.1.5:10050 even
# though the comments name three different hosts - verify the targets.
add action=dst-nat chain=dstnat comment="Zabbix HP-MAINFRANE" \
dst-address-list=WAN_IPs dst-port=10050 in-interface-list=WAN protocol=\
tcp to-addresses=192.168.1.5 to-ports=10050
add action=dst-nat chain=dstnat comment="Zabbix CCC-1c" dst-address-list=\
WAN_IPs dst-port=12050 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.1.5 to-ports=10050
add action=dst-nat chain=dstnat comment="Zabbix CCC-DC" dst-address-list=\
WAN_IPs dst-port=12051 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.1.5 to-ports=10050
# iLO rules; both still carry the copied comment "Zabbix CCC-DC".
# The disabled rule uses action=accept, which performs no translation, so its
# to-addresses / to-ports would have no effect even if it were enabled.
add action=accept chain=dstnat comment="Zabbix CCC-DC" disabled=yes \
dst-address-list=WAN_IPs dst-port=44434 in-interface-list=WAN log=yes \
log-prefix=iLO protocol=tcp to-addresses=192.168.5.88 to-ports=80
# Active rule: public port 44434 -> 192.168.5.88:443.
# NOTE(review): unlike the rules above it has no in-interface-list, and it has
# no source restriction, so the server's out-of-band management interface is
# published to every internet source. Restrict it to the admin address (or
# reach iLO over a VPN) and add in-interface-list=WAN.
add action=dst-nat chain=dstnat comment="Zabbix CCC-DC" dst-address-list=\
WAN_IPs dst-port=44434 log=yes log-prefix=iLO2 protocol=tcp to-addresses=\
192.168.5.88 to-ports=443
# Everything arriving on WAN from a "Honeypot Hacker" source is dropped before
# connection tracking. The "Hacker Scanners" list is not referenced here.
/ip firewall raw
add action=drop chain=prerouting in-interface-list=WAN src-address-list=\
"Honeypot Hacker"
/ip route
# Last-resort defaults straight to each ISP gateway (distance 251 / 252).
add distance=251 gateway=<Gateway-ISP-1>
add distance=252 gateway=<Gateway-ISP-2>
# Per-ISP tables used by the routing marks. Each table gets its default twice
# (here and in the rules commented 11 / 22 below).
add gateway=<Gateway-ISP-1> routing-table=rtab-1
add gateway=<Gateway-ISP-2> routing-table=rtab-2
add disabled=no dst-address=192.168.1.0/24 gateway=192.168.1.1 routing-table=\
main suppress-hw-offload=no
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=195.98.71.1 \
pref-src="" routing-table=rtab-1 scope=30 suppress-hw-offload=no \
target-scope=10
add check-gateway=ping disabled=yes distance=10 dst-address=0.0.0.0/0 \
gateway=77.88.8.1 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=11
add comment=11 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
<Gateway-ISP-1> pref-src="" routing-table=rtab-1 scope=30 \
suppress-hw-offload=no target-scope=10
add comment=22 gateway=<Gateway-ISP-2> routing-table=rtab-2
# Failover probes: 77.88.8.1 is pinned to ISP1 and 77.88.8.2 to ISP2 with
# host routes (33 / 44); the main-table defaults (55 / 66) point at those
# hosts with check-gateway=ping, distance 10 for ISP1 and 20 for ISP2.
add comment=33 disabled=no distance=1 dst-address=77.88.8.1/32 gateway=\
<Gateway-ISP-1> pref-src="" routing-table=main scope=11 suppress-hw-offload=\
no target-scope=10
add comment=44 disabled=no distance=1 dst-address=77.88.8.2/32 gateway=\
<Gateway-ISP-2> pref-src="" routing-table=main scope=11 suppress-hw-offload=\
no target-scope=10
add check-gateway=ping comment=55 distance=10 gateway=77.88.8.1 target-scope=\
11
add check-gateway=ping comment=66 distance=20 gateway=77.88.8.2 target-scope=\
11
# Disabled route for the iLO subnet via the router's own address.
# NOTE(review): no enabled route for 192.168.5.0/24 is visible in this export.
# The subnet route normally comes from the interface address carrying a /24
# prefix rather than from a static route through 192.168.5.1 - verify.
add comment=asdasdasd disabled=yes distance=1 dst-address=192.168.5.0/24 \
gateway=192.168.5.1 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
# telnet, ftp, www and api-ssl are switched off.
# NOTE(review): ssh, winbox, api and www-ssl are not listed, so they are
# presumably at their defaults, and no address= restriction is set on any
# service. With the input drop rule disabled, the firewall does not limit who
# can reach them from WAN. api-ssl is off while the prometheus rule uses the
# plaintext API port 8728; if <Service-IP> is reached over the internet, that
# login crosses it unencrypted - confirm.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
# SNMP enabled with version 2 traps sent to the monitoring host.
/snmp
set enabled=yes trap-generators=interfaces trap-target=<Service-IP> \
trap-version=2
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=MikroTik-CCC
# Time sync; accurate clocks keep firewall logs and address-list timeouts
# comparable with other sources.
/system ntp client
set enabled=yes
/system ntp client servers
add address=91.206.16.3
add address=195.91.239.8