# routerboard: yes # model: CCR1036-8G-2S+ # revision: r2 # serial-number: C6CC0C231088 # firmware-type: tilegx # factory-firmware: 6.45.8 # current-firmware: 6.46.8 # upgrade-firmware: 7.7 # # channel: stable # installed-version: 7.7 # latest-version: 7.12 # status: Downloaded, please reboot router to upgrade it # # Flags: U, F - FLOATING-UNDO # Columns: ACTION, BY, POLICY # ACTION BY POLICY # U changed scheduled script settings nzmmaster write # U new script scheduled nzmmaster write # U new script scheduled nzmmaster write # U route 0.0.0.0/0 changed nzmmaster write # U route 0.0.0.0/0 changed nzmmaster write # # software id = 5H50-IPR5 # # model = CCR1036-8G-2S+ # serial number = C6CC0C231088 /interface pptp-client add connect-to=181.214.230.16 disabled=no name=pptp-ixc user=ixcvpn1 /interface bridge add name=CGNAT add name=CGNat-87.64 add name=CGNat-87.65 add name=CGNat-87.66 add name=CGNat-87.67 add name=CGNat-87.68 add name=CGNat-87.69 add name=CGNat-87.70 add name=CGNat-87.71 add name=CGNat-87.72 add name=CGNat-87.73 add name=CGNat-87.74 add name=CGNat-87.75 add name=CGNat-87.76 add name=CGNat-87.77 add name=CGNat-87.78 add name=CGNat-87.79 add name=CGNat-87.80 add name=CGNat-87.81 add name=CGNat-87.82 add name=CGNat-87.83 add name=CGNat-87.84 add name=CGNat-87.85 add name=CGNat-87.86 add name=CGNat-87.87 add name=CGNat-87.88 add name=CGNat-87.89 add name=CGNat-87.90 add name=CGNat-87.91 add name=CGNat-87.92 add name=CGNat-87.93 add name=CGNat-87.94 add name=CGNat-87.95 add name=CGNat-87.96 add name=CGNat-87.97 add name=CGNat-87.98 add name=CGNat-87.99 add name=CGNat-87.100 add name=CGNat-87.101 add name=CGNat-87.102 add name=CGNat-87.103 add name=CGNat-87.104 add name=CGNat-87.105 add name=CGNat-87.106 add name=CGNat-87.107 add name=CGNat-87.108 add name=CGNat-87.109 add name=CGNat-87.110 add name=CGNat-87.111 add name=CGNat-87.112 add name=CGNat-87.113 add name=CGNat-87.114 add name=CGNat-87.115 add name=CGNat-87.116 add name=CGNat-87.117 add name=CGNat-87.118 add name=CGNat-87.119 add name=CGNat-87.120 add name=CGNat-87.121 add name=CGNat-87.122 add name=CGNat-87.123 add name=CGNat-87.124 add name=CGNat-87.125 add name=CGNat-87.126 add name=CGNat-87.127 add name=CGNat-87.128 add name=CGNat-87.129 add name=CGNat-87.130 add name=CGNat-87.131 add name=CGNat-87.132 add name=CGNat-87.133 add name=CGNat-87.134 add name=CGNat-87.135 add name=CGNat-87.136 add name=CGNat-87.137 add name=CGNat-87.138 add name=CGNat-87.139 add name=CGNat-87.140 add name=CGNat-87.141 add name=CGNat-87.142 add name=CGNat-87.143 add name=CGNat-87.144 add name=CGNat-87.145 add name=CGNat-87.146 add name=CGNat-87.147 add name=CGNat-87.148 add name=CGNat-87.149 add name=CGNat-87.150 add name=CGNat-87.151 add name=CGNat-87.152 add name=CGNat-87.153 add name=CGNat-87.154 add name=CGNat-87.155 add name=CGNat-87.156 add name=CGNat-87.157 add name=CGNat-87.158 add name=CGNat-87.159 add name=CGNat-87.160 add name=CGNat-87.161 add name=CGNat-87.162 add name=CGNat-87.163 add name=CGNat-87.164 add name=CGNat-87.165 add name=CGNat-87.166 add name=CGNat-87.167 add name=CGNat-87.168 add name=CGNat-87.169 add name=CGNat-87.170 add name=CGNat-87.171 add name=CGNat-87.172 add name=CGNat-87.173 add name=CGNat-87.174 add name=CGNat-87.175 add name=CGNat-87.176 add name=CGNat-87.177 add name=CGNat-87.178 add name=CGNat-87.179 add name=CGNat-87.180 add name=CGNat-87.181 add name=CGNat-87.182 add name=CGNat-87.183 add name=CGNat-87.184 add name=CGNat-87.185 add name=CGNat-87.186 add name=CGNat-87.187 add name=CGNat-87.188 add name=CGNat-87.189 add name=CGNat-87.190 add name=CGNat-87.191 add name=bridge-testeNE protocol-mode=none add name=loopbridge add name=oob-digistar /interface ethernet set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=B8:69:F4:11:41:2B speed=100Mbps set [ find default-name=ether2 ] comment=Loja mac-address=B8:69:F4:11:41:2C speed=100Mbps set [ find default-name=ether3 ] mac-address=B8:69:F4:11:41:2D speed=100Mbps set [ find default-name=ether4 ] mac-address=B8:69:F4:11:41:2E speed=100Mbps set [ find default-name=ether5 ] mac-address=B8:69:F4:11:41:2F speed=100Mbps set [ find default-name=ether6 ] mac-address=B8:69:F4:11:41:30 speed=100Mbps set [ find default-name=ether7 ] comment=OLT1 mac-address=B8:69:F4:11:41:31 speed=100Mbps set [ find default-name=ether8 ] comment=OLT2 mac-address=B8:69:F4:11:41:32 speed=100Mbps set [ find default-name=sfp-sfpplus1 ] advertise=10M-full,100M-full,1000M-full,10000M-full mac-address=B8:69:F4:11:41:29 set [ find default-name=sfp-sfpplus2 ] advertise=10M-full,100M-full,1000M-full mac-address=B8:69:F4:11:41:2A /interface vlan add interface=sfp-sfpplus2 name=vlan2 vlan-id=2 add interface=sfp-sfpplus2 name=vlan9-BRAS_PBR vlan-id=9 add interface=sfp-sfpplus2 name=vlan10-BRAS vlan-id=10 add interface=sfp-sfpplus2 name=vlan11-BGP vlan-id=11 add interface=sfp-sfpplus2 name=vlan15 vlan-id=15 add interface=sfp-sfpplus2 name=vlan18-testeNE vlan-id=18 add interface=sfp-sfpplus2 name=vlan58 vlan-id=58 add interface=sfp-sfpplus2 name=vlan59 vlan-id=59 add interface=sfp-sfpplus2 name=vlan60-srv vlan-id=60 add interface=sfp-sfpplus2 name=vlan99 vlan-id=99 add interface=sfp-sfpplus2 name=vlan200 vlan-id=200 add comment=SBSJ-Nova interface=sfp-sfpplus2 name=vlan201 vlan-id=201 add comment=CeuAzul interface=sfp-sfpplus2 name=vlan202 vlan-id=202 add comment=SaoJoao interface=sfp-sfpplus2 name=vlan203 vlan-id=203 add comment="Ervateira Giotti" interface=sfp-sfpplus2 name=vlan204 vlan-id=204 add comment=Rebras interface=sfp-sfpplus2 name=vlan205 vlan-id=205 add comment="Predio Jackson Muller - Gerencia" interface=sfp-sfpplus2 name=vlan206 vlan-id=206 add comment="Predio Jackson Muller - Gerencia" interface=vlan206 name=vlan207 vlan-id=207 add interface=sfp-sfpplus2 name=vlan350-kairos vlan-id=350 add interface=sfp-sfpplus2 name=vlan400-NE8000 vlan-id=400 add comment="LINK AILOS - BANCO" interface=sfp-sfpplus2 name=vlan500 vlan-id=500 add comment=LINK_ALT_NOVO disabled=yes interface=sfp-sfpplus1 name=vlan600 vlan-id=600 add comment="Link - Banco do Brasil" interface=sfp-sfpplus2 name=vlan601 vlan-id=601 add comment="Link - Banco do Brasil SONIA" interface=sfp-sfpplus2 name=vlan603 vlan-id=603 add comment=painel interface=sfp-sfpplus2 name=vlan604 vlan-id=604 add interface=sfp-sfpplus2 name=vlan1001 vlan-id=1001 add interface=sfp-sfpplus2 name=vlan1002 vlan-id=1002 add interface=sfp-sfpplus2 name=vlan1004 vlan-id=1004 add interface=sfp-sfpplus2 name=vlan1005 vlan-id=1005 add interface=sfp-sfpplus2 name=vlan1006 vlan-id=1006 add interface=sfp-sfpplus2 name=vlan1499 vlan-id=1499 add interface=sfp-sfpplus2 name=vlan1600-Banco-Sicoob vlan-id=1600 add interface=sfp-sfpplus2 name=vlan2017 vlan-id=2017 add interface=sfp-sfpplus2 name=vlan2018-repetidora-madsul vlan-id=2018 add comment="TRANSPORTE ALT HEOLICAS" interface=sfp-sfpplus2 name=vlan2080 vlan-id=2080 add comment=LINK_ALT_NOVO-IPv6 disabled=yes interface=sfp-sfpplus1 name=vlan3600 vlan-id=3600 /interface list add name=wan /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=Pool-VPN ranges=172.12.0.0/24 add comment="Aviso Atraso IXCSoft" name=pool_aviso_atraso ranges=172.20.251.0/24 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.251.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.251.0/24 /port set 0 name=serial0 set 1 name=serial1 /ppp profile set *0 dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 remote-address=Pool-VPN /queue simple add max-limit=152M/152M name=Ana_Boico target=45.236.84.172/30 add max-limit=100M/100M name=Fabrica target=45.236.87.8/29 add max-limit=42M/42M name=Banco-Sicoob target=45.236.84.176/30 add max-limit=50M/50M name=Ailos target=vlan500 /routing bgp template set default as=268227 disabled=yes output.network=bgp-networks .no-client-to-client-reflection=yes router-id=45.236.84.6 /routing ospf instance add disabled=no name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.255 routing-table=main add disabled=no in-filter-chain=ospfv3-in name=default-v3 originate-default=never out-filter-chain=ospfv3-out redistribute=connected,static,vpn,dhcp,modem router-id=192.168.200.0 version=3 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add disabled=no instance=default-v3 name=backbone-v3 /routing rip instance add name=rip-instance-4 originate-default=if-installed redistribute=connected,static route-gc-timeout=120 route-timeout=180 routing-table=main update-interval=30 /snmp community set [ find default=yes ] addresses=45.236.84.0/22,192.168.0.0/16,35.237.63.30/32 name=public-noway write-access=yes /system logging action set 3 remote=192.168.248.68 src-address=45.236.84.0 add name=memFirewall target=memory add name=memBgp target=memory add name=memOspf target=memory /user group add name=nzmmaster policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,romon,!web,!api,!rest-api" add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,password,sensitive,!reboot,!winbox,!web,!sniff,!api,!romon,!rest-api" #error exporting /interface/bridge/calea /interface bridge port add bridge=oob-digistar ingress-filtering=no interface=ether7 add bridge=oob-digistar ingress-filtering=no interface=ether8 add bridge=bridge-testeNE ingress-filtering=no interface=ether1 add bridge=bridge-testeNE ingress-filtering=no interface=vlan18-testeNE /ip firewall connection tracking set loose-tcp-tracking=no /ip neighbor discovery-settings set discover-interface-list=all /ip settings set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes /ipv6 settings set max-neighbor-entries=8192 /interface l2tp-server server set use-ipsec=required /interface list member add interface=vlan600 list=wan add interface=vlan601 list=wan add interface=vlan11-BGP list=wan add interface=ether4 list=wan /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add disabled=no interface=vlan205 service-name=teste-pppoe /interface pptp-server server # PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead set default-profile=default /ip address add address=192.168.200.255 interface=loopbridge network=192.168.200.255 add address=192.168.254.253/30 interface=sfp-sfpplus2 network=192.168.254.252 add address=45.236.84.0 interface=loopbridge network=45.236.84.0 add address=172.28.179.6/30 interface=vlan601 network=172.28.179.4 add address=192.168.200.0 interface=loopbridge network=192.168.200.0 add address=192.168.11.1/30 interface=vlan2 network=192.168.11.0 add address=192.168.254.249/30 interface=vlan200 network=192.168.254.248 add address=192.168.254.21/30 interface=vlan201 network=192.168.254.20 add address=192.168.254.17/30 interface=vlan202 network=192.168.254.16 add address=192.168.254.29/30 interface=vlan203 network=192.168.254.28 add address=192.168.99.129/30 interface=vlan204 network=192.168.99.128 add address=192.168.99.137/30 interface=vlan205 network=192.168.99.136 add address=172.16.10.1/30 interface=vlan15 network=172.16.10.0 add address=45.236.84.249/29 interface=vlan60-srv network=45.236.84.248 add address=45.236.84.33/30 interface=ether2 network=45.236.84.32 add address=45.236.84.36 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.36 add address=45.236.84.37 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.37 add address=45.236.84.38 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.38 add address=45.236.84.39 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.39 add address=45.236.84.40 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.40 add address=45.236.84.41 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.41 add address=45.236.84.42 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.42 add address=45.236.84.43 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.43 add address=45.236.84.44 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.44 add address=45.236.84.45 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.45 add address=45.236.84.46 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.46 add address=45.236.84.47 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.47 add address=45.236.84.48 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.48 add address=45.236.84.49 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.49 add address=45.236.84.50 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.50 add address=45.236.84.51 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.51 add address=45.236.84.52 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.52 add address=45.236.84.53 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.53 add address=45.236.84.54 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.54 add address=45.236.84.55 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.55 add address=45.236.84.56 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.56 add address=45.236.84.57 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.57 add address=45.236.84.58 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.58 add address=45.236.84.59 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.59 add address=45.236.84.60 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.60 add address=45.236.84.61 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.61 add address=45.236.84.62 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.62 add address=45.236.84.63 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.63 add address=192.168.254.241/30 interface=vlan59 network=192.168.254.240 add address=192.168.254.237/30 interface=vlan58 network=192.168.254.236 add address=192.168.10.1/24 interface=oob-digistar network=192.168.10.0 add address=45.236.87.32 interface=CGNAT network=45.236.87.32 add address=45.236.87.33 interface=CGNAT network=45.236.87.33 add address=45.236.87.34 interface=CGNAT network=45.236.87.34 add address=45.236.87.35 interface=CGNAT network=45.236.87.35 add address=45.236.87.36 interface=CGNAT network=45.236.87.36 add address=45.236.87.37 interface=CGNAT network=45.236.87.37 add address=45.236.87.38 interface=CGNAT network=45.236.87.38 add address=45.236.87.39 interface=CGNAT network=45.236.87.39 add address=45.236.87.40 interface=CGNAT network=45.236.87.40 add address=45.236.87.41 interface=CGNAT network=45.236.87.41 add address=45.236.87.42 interface=CGNAT network=45.236.87.42 add address=45.236.87.43 interface=CGNAT network=45.236.87.43 add address=45.236.84.1 interface=loopbridge network=45.236.84.1 add address=192.168.254.245/30 interface=vlan350-kairos network=192.168.254.244 add address=192.168.200.1 interface=loopbridge network=192.168.200.1 add address=192.168.254.233/30 interface=vlan15 network=192.168.254.232 add address=192.168.99.141/30 interface=vlan2080 network=192.168.99.140 add address=45.236.87.44 interface=CGNAT network=45.236.87.44 add address=192.168.254.82/30 interface=vlan10-BRAS network=192.168.254.80 add address=192.168.254.90/30 interface=vlan11-BGP network=192.168.254.88 add address=192.168.254.94/30 interface=vlan9-BRAS_PBR network=192.168.254.92 add address=45.236.84.171 interface=loopbridge network=45.236.84.1 add address=45.236.84.112 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.112 add address=45.236.84.113 comment="{CGNat NZM}" interface=CGNAT network=45.236.84.113 add address=45.236.87.64 interface=CGNat-87.64 network=45.236.87.64 add address=45.236.87.65 interface=CGNat-87.65 network=45.236.87.65 add address=45.236.87.66 interface=CGNat-87.66 network=45.236.87.66 add address=45.236.87.67 interface=CGNat-87.67 network=45.236.87.67 add address=45.236.87.68 interface=CGNat-87.68 network=45.236.87.68 add address=45.236.87.69 interface=CGNat-87.69 network=45.236.87.69 add address=45.236.87.70 interface=CGNat-87.70 network=45.236.87.70 add address=45.236.87.71 interface=CGNat-87.71 network=45.236.87.71 add address=45.236.87.72 interface=CGNat-87.72 network=45.236.87.72 add address=45.236.87.73 interface=CGNat-87.73 network=45.236.87.73 add address=45.236.87.74 interface=CGNat-87.74 network=45.236.87.74 add address=45.236.87.75 interface=CGNat-87.75 network=45.236.87.75 add address=45.236.87.76 interface=CGNat-87.76 network=45.236.87.76 add address=45.236.87.77 interface=CGNat-87.77 network=45.236.87.77 add address=45.236.87.78 interface=CGNat-87.78 network=45.236.87.78 add address=45.236.87.79 interface=CGNat-87.79 network=45.236.87.79 add address=45.236.87.80 interface=CGNat-87.80 network=45.236.87.80 add address=45.236.87.81 interface=CGNat-87.81 network=45.236.87.81 add address=45.236.87.82 interface=CGNat-87.82 network=45.236.87.82 add address=45.236.87.83 interface=CGNat-87.83 network=45.236.87.83 add address=45.236.87.84 interface=CGNat-87.84 network=45.236.87.84 add address=45.236.87.85 interface=CGNat-87.85 network=45.236.87.85 add address=45.236.87.86 interface=CGNat-87.86 network=45.236.87.86 add address=45.236.87.87 interface=CGNat-87.87 network=45.236.87.87 add address=45.236.87.88 interface=CGNat-87.88 network=45.236.87.88 add address=45.236.87.89 interface=CGNat-87.89 network=45.236.87.89 add address=45.236.87.90 interface=CGNat-87.90 network=45.236.87.90 add address=45.236.87.91 interface=CGNat-87.91 network=45.236.87.91 add address=45.236.87.92 interface=CGNat-87.92 network=45.236.87.92 add address=45.236.87.93 interface=CGNat-87.93 network=45.236.87.93 add address=45.236.87.94 interface=CGNat-87.94 network=45.236.87.94 add address=45.236.87.95 interface=CGNat-87.95 network=45.236.87.95 add address=45.236.87.96 interface=CGNat-87.96 network=45.236.87.96 add address=45.236.87.97 interface=CGNat-87.97 network=45.236.87.97 add address=45.236.87.98 interface=CGNat-87.98 network=45.236.87.98 add address=45.236.87.99 interface=CGNat-87.99 network=45.236.87.99 add address=45.236.87.100 interface=CGNat-87.100 network=45.236.87.100 add address=45.236.87.101 interface=CGNat-87.101 network=45.236.87.101 add address=45.236.87.102 interface=CGNat-87.102 network=45.236.87.102 add address=45.236.87.103 interface=CGNat-87.103 network=45.236.87.103 add address=45.236.87.104 interface=CGNat-87.104 network=45.236.87.104 add address=45.236.87.105 interface=CGNat-87.105 network=45.236.87.105 add address=45.236.87.106 interface=CGNat-87.106 network=45.236.87.106 add address=45.236.87.107 interface=CGNat-87.107 network=45.236.87.107 add address=45.236.87.108 interface=CGNat-87.108 network=45.236.87.108 add address=45.236.87.109 interface=CGNat-87.109 network=45.236.87.109 add address=45.236.87.110 interface=CGNat-87.110 network=45.236.87.110 add address=45.236.87.111 interface=CGNat-87.111 network=45.236.87.111 add address=45.236.87.112 interface=CGNat-87.112 network=45.236.87.112 add address=45.236.87.113 interface=CGNat-87.113 network=45.236.87.113 add address=45.236.87.114 interface=CGNat-87.114 network=45.236.87.114 add address=45.236.87.115 interface=CGNat-87.115 network=45.236.87.115 add address=45.236.87.116 interface=CGNat-87.116 network=45.236.87.116 add address=45.236.87.117 interface=CGNat-87.117 network=45.236.87.117 add address=45.236.87.118 interface=CGNat-87.118 network=45.236.87.118 add address=45.236.87.119 interface=CGNat-87.119 network=45.236.87.119 add address=45.236.87.120 interface=CGNat-87.120 network=45.236.87.120 add address=45.236.87.121 interface=CGNat-87.121 network=45.236.87.121 add address=45.236.87.122 interface=CGNat-87.122 network=45.236.87.122 add address=45.236.87.123 interface=CGNat-87.123 network=45.236.87.123 add address=45.236.87.124 interface=CGNat-87.124 network=45.236.87.124 add address=45.236.87.125 interface=CGNat-87.125 network=45.236.87.125 add address=45.236.87.126 interface=CGNat-87.126 network=45.236.87.126 add address=45.236.87.127 interface=CGNat-87.127 network=45.236.87.127 add address=45.236.87.21/30 interface=vlan1499 network=45.236.87.20 add address=192.168.254.33/30 comment="LINK BANCO AILOS" interface=vlan500 network=192.168.254.32 add address=10.60.0.1/30 interface=vlan601 network=10.60.0.0 add address=45.236.84.173/30 comment="COLEGIO ANA BOICO " disabled=yes interface=vlan1004 network=45.236.84.172 add address=10.0.0.241/30 comment="BANCO SICOOB" interface=vlan1600-Banco-Sicoob network=10.0.0.240 add address=192.168.103.137/29 comment="REPETIDORA ERVATEIRA BUTIAZAL " interface=vlan2017 network=192.168.103.136 add address=192.168.100.81/30 comment="REPETIDORA SONIA M5" interface=vlan603 network=192.168.100.80 add address=192.168.100.93/30 comment="REPETIDORA DO JACSON" interface=vlan604 network=192.168.100.92 add address=45.236.87.1/29 interface=vlan60-srv network=45.236.87.0 add address=45.236.87.128 interface=CGNat-87.128 network=45.236.87.128 add address=45.236.87.129 interface=CGNat-87.129 network=45.236.87.129 add address=45.236.87.130 interface=CGNat-87.130 network=45.236.87.130 add address=45.236.87.131 interface=CGNat-87.131 network=45.236.87.131 add address=45.236.87.132 interface=CGNat-87.132 network=45.236.87.132 add address=45.236.87.133 interface=CGNat-87.133 network=45.236.87.133 add address=45.236.87.134 interface=CGNat-87.134 network=45.236.87.134 add address=45.236.87.135 interface=CGNat-87.135 network=45.236.87.135 add address=45.236.87.136 interface=CGNat-87.136 network=45.236.87.136 add address=45.236.87.137 interface=CGNat-87.137 network=45.236.87.137 add address=45.236.87.138 interface=CGNat-87.138 network=45.236.87.138 add address=45.236.87.139 interface=CGNat-87.139 network=45.236.87.139 add address=45.236.87.140 interface=CGNat-87.140 network=45.236.87.140 add address=45.236.87.141 interface=CGNat-87.141 network=45.236.87.141 add address=45.236.87.142 interface=CGNat-87.142 network=45.236.87.142 add address=45.236.87.143 interface=CGNat-87.143 network=45.236.87.143 add address=45.236.87.144 interface=CGNat-87.144 network=45.236.87.144 add address=45.236.87.145 interface=CGNat-87.145 network=45.236.87.145 add address=45.236.87.146 interface=CGNat-87.146 network=45.236.87.146 add address=45.236.87.147 interface=CGNat-87.147 network=45.236.87.147 add address=45.236.87.148 interface=CGNat-87.148 network=45.236.87.148 add address=45.236.87.149 interface=CGNat-87.149 network=45.236.87.149 add address=45.236.87.150 interface=CGNat-87.150 network=45.236.87.150 add address=45.236.87.151 interface=CGNat-87.151 network=45.236.87.151 add address=45.236.87.152 interface=CGNat-87.152 network=45.236.87.152 add address=45.236.87.153 interface=CGNat-87.153 network=45.236.87.153 add address=45.236.87.154 interface=CGNat-87.154 network=45.236.87.154 add address=45.236.87.155 interface=CGNat-87.155 network=45.236.87.155 add address=45.236.87.156 interface=CGNat-87.156 network=45.236.87.156 add address=45.236.87.157 interface=CGNat-87.157 network=45.236.87.157 add address=45.236.87.158 interface=CGNat-87.158 network=45.236.87.158 add address=45.236.87.159 interface=CGNat-87.159 network=45.236.87.159 add address=45.236.87.160 interface=CGNat-87.160 network=45.236.87.160 add address=45.236.87.161 interface=CGNat-87.161 network=45.236.87.161 add address=45.236.87.162 interface=CGNat-87.162 network=45.236.87.162 add address=45.236.87.163 interface=CGNat-87.163 network=45.236.87.163 add address=45.236.87.164 interface=CGNat-87.164 network=45.236.87.164 add address=45.236.87.165 interface=CGNat-87.165 network=45.236.87.165 add address=45.236.87.166 interface=CGNat-87.166 network=45.236.87.166 add address=45.236.87.167 interface=CGNat-87.167 network=45.236.87.167 add address=45.236.87.168 interface=CGNat-87.168 network=45.236.87.168 add address=45.236.87.169 interface=CGNat-87.169 network=45.236.87.169 add address=45.236.87.170 interface=CGNat-87.170 network=45.236.87.170 add address=45.236.87.171 interface=CGNat-87.171 network=45.236.87.171 add address=45.236.87.172 interface=CGNat-87.172 network=45.236.87.172 add address=45.236.87.173 interface=CGNat-87.173 network=45.236.87.173 add address=45.236.87.174 interface=CGNat-87.174 network=45.236.87.174 add address=45.236.87.175 interface=CGNat-87.175 network=45.236.87.175 add address=45.236.87.176 interface=CGNat-87.176 network=45.236.87.176 add address=45.236.87.177 interface=CGNat-87.177 network=45.236.87.177 add address=45.236.87.178 interface=CGNat-87.178 network=45.236.87.178 add address=45.236.87.179 interface=CGNat-87.179 network=45.236.87.179 add address=45.236.87.180 interface=CGNat-87.180 network=45.236.87.180 add address=45.236.87.181 interface=CGNat-87.181 network=45.236.87.181 add address=45.236.87.182 interface=CGNat-87.182 network=45.236.87.182 add address=45.236.87.183 interface=CGNat-87.183 network=45.236.87.183 add address=45.236.87.184 interface=CGNat-87.184 network=45.236.87.184 add address=45.236.87.185 interface=CGNat-87.185 network=45.236.87.185 add address=45.236.87.186 interface=CGNat-87.186 network=45.236.87.186 add address=45.236.87.187 interface=CGNat-87.187 network=45.236.87.187 add address=45.236.87.188 interface=CGNat-87.188 network=45.236.87.188 add address=45.236.87.189 interface=CGNat-87.189 network=45.236.87.189 add address=45.236.87.190 interface=CGNat-87.190 network=45.236.87.190 add address=45.236.87.191 interface=CGNat-87.191 network=45.236.87.191 add address=192.168.254.25/30 comment="Predio Jackson Muller - Gerencia" interface=vlan206 network=192.168.254.24 add address=192.168.15.1/30 interface=vlan99 network=192.168.15.0 add address=192.168.104.65/29 interface=vlan2018-repetidora-madsul network=192.168.104.64 /ip dns set servers=45.236.84.18,45.236.84.19,2804:4de8:800:8000::18,2804:4de8:800:8000::19 /ip firewall address-list add address=45.236.84.0/24 list=bgp-networks add address=45.236.86.0/24 list=redesProtegidas add address=45.236.84.128/26 list=redesProtegidas2 add address=45.236.84.96/27 list=redesProtegidas2 add address=45.236.84.192/27 list=redesProtegidas2 add address=192.168.0.0/16 list=redesProtek add address=100.64.0.0/10 list=redesProtek add address=45.236.84.0/22 list=redesProtek add address=45.236.84.16/28 list=servidoresProtek add address=45.236.84.18 list=dnsRecProtek add address=45.236.84.19 list=dnsRecProtek add address=45.236.84.20 list=dnsAuthProtek add address=45.236.84.21 list=dnsAuthProtek add address=45.236.84.64/27 list=redesProtegidas2 add address=45.236.87.0/25 list=redesProtegidas add address=45.236.87.128/26 list=redesProtegidas add address=45.236.87.192/27 list=redesProtegidas add address=10.0.0.0/8 list=redeLocal add address=192.168.0.0/16 list=redeLocal add address=172.16.0.0/12 list=redeLocal add address=100.64.0.0/10 list=redeLocal add address=45.236.84.0/22 list=redeLocal add address=10.0.0.0/8 list=redeLocalPriv add address=172.16.0.0/12 list=redeLocalPriv add address=100.64.0.0/10 list=redeLocalPriv add address=192.168.0.0/16 list=redeLocalPriv add address=45.236.84.16/28 list=IPs_Liberados add address=54.214.111.168 list=IPs_Bloqueados add address=92.63.194.0/24 list=IPs_Bloqueados add address=49.88.112.112 list=IPs_Bloqueados add address=58.69.139.152 list=IPs_Bloqueados add address=222.186.175.151 list=IPs_Bloqueados add address=45.236.84.0 list=uplink-ips add address=192.168.254.252/30 list=uplink-ips add address=0.0.0.0/8 list=uplink-bogons add address=10.0.0.0/8 disabled=yes list=uplink-bogons add address=100.64.0.0/10 list=uplink-bogons add address=127.0.0.0/8 list=uplink-bogons add address=169.254.0.0/16 list=uplink-bogons add address=172.16.0.0/12 disabled=yes list=uplink-bogons add address=192.0.0.0/24 list=uplink-bogons add address=192.0.2.0/24 list=uplink-bogons add address=192.168.0.0/16 list=uplink-bogons add address=198.18.0.0/15 list=uplink-bogons add address=198.51.100.0/24 list=uplink-bogons add address=203.0.113.0/24 list=uplink-bogons add address=224.0.0.0/4 list=uplink-bogons add address=240.0.0.0/4 list=uplink-bogons add address=255.255.255.255 list=uplink-bogons add address=192.168.200.255 list=uplink-ips add address=185.202.1.164 list=IPs_Bloqueados add address=167.172.35.0/24 list=IPs_Bloqueados add address=197.248.10.0/24 list=IPs_Bloqueados add address=45.236.84.16/28 comment="liberacao servidores" list=ips-liberados-restricao add address=45.236.84.34 comment="liberacao loja" list=ips-liberados-restricao add address=45.236.84.64/26 comment="liberacao clientes empresariais" list=ips-liberados-restricao add address=45.236.84.248/29 comment="liberacao servidores" list=ips-liberados-restricao add address=45.236.84.0/22 list=ips-protek-restricao-acesso-remoto add address=100.64.0.0/10 list=ips-protek-restricao-acesso-remoto add address=10.0.0.0/8 list=ips-protek-restricao-acesso-remoto add address=195.54.160.0/24 list=IPs_Bloqueados add address=45.236.87.254 list=IPs_Liberados_Clientes add address=45.236.84.248/29 list=IPs_Liberados add address=157.245.60.215 list=IPs_Bloqueados add address=188.226.250.187 list=IPs_Bloqueados add address=14.225.3.47 list=IPs_Bloqueados add address=45.236.84.170 comment="magazine " list=ips-liberados-restricao add address=192.168.254.234 list=redeLocal add address=45.187.80.250 list=ips-liberados add address=177.10.56.96 list=ips-liberados add address=177.10.56.141 list=ips-liberados add address=45.236.84.34 list=ips-liberados add address=45.236.85.0/24 list=bgp-networks add address=45.236.86.0/24 list=bgp-networks add address=45.236.87.0/24 list=bgp-networks add address=45.236.84.0/22 list=bgp-networks add address=45.236.84.0/23 list=bgp-networks add address=45.236.86.0/23 list=bgp-networks add address=45.236.84.25 list=ips-radio-voalle add address=45.236.84.26 list=ips-radio-voalle add address=45.236.87.255 list=ips-radio-voalle add address=45.236.84.24 list=ips-radio-voalle add address=45.236.87.109 list=ips-liberados add address=45.187.80.250 list=IPs_Liberados add address=45.236.84.2 comment=SBSJ list=ips-equipamentos add address=45.236.84.4 comment="Santa Rosa" list=ips-equipamentos add address=45.236.87.17 comment="Link Ailos Banco" list=ips-equipamentos add address=45.236.87.22 comment="RB Clientes" list=ips-equipamentos add address=45.236.84.30 comment=Dude list=ips-equipamentos add address=45.236.84.34 comment="RB Loja" list=ips-equipamentos add address=45.187.80.250 list=Liberacao-Acesso-OLT-Huawei add address=170.81.86.101 list=Liberacao-Acesso-OLT-Huawei add address=45.191.22.243 list=Liberacao-Acesso-OLT-Huawei add address=8.8.8.8 list=dns-Liberados add address=1.1.1.1 list=dns-Liberados add address=45.236.84.18 list=dns-Liberados add address=45.236.84.19 list=dns-Liberados add address=8.8.4.4 list=dns-Liberados add address=181.214.230.16 comment="IP IXC" list=ips-liberados add address=181.214.230.16 list=redeLocal add address=24.152.39.191 list=IPs_Bloqueados add address=51.161.125.3 list=IPs_Bloqueados add address=102.165.46.209 list=IPs_Bloqueados add address=45.236.84.32/27 list=IPs_Protek_Clientes add address=45.236.84.64/26 list=IPs_Protek_Clientes add address=45.236.84.128/25 list=IPs_Protek_Clientes add address=45.236.85.0/24 list=IPs_Protek_Clientes add address=45.236.86.0/24 list=IPs_Protek_Clientes add address=45.236.87.0/24 list=IPs_Protek_Clientes add address=185.233.19.0/24 list=IPs_Bloqueados_L2TP add address=198.199.106.0/24 list=IPs_Bloqueados_L2TP add address=202.112.238.254 list=IPs_Bloqueados_L2TP add address=71.6.135.131 list=IPs_Bloqueados_L2TP add address=183.136.225.42 list=IPs_Bloqueados_L2TP add address=167.94.138.124 list=IPs_Bloqueados_L2TP add address=167.248.133.35 list=IPs_Bloqueados_L2TP add address=107.6.112.252 list=IPs_Bloqueados_L2TP add address=152.32.143.105 list=IPs_Bloqueados_L2TP add address=167.94.138.127 list=IPs_Bloqueados_L2TP add address=167.248.133.37 list=IPs_Bloqueados_L2TP add address=167.248.138.126 list=IPs_Bloqueados_L2TP add address=167.248.133.187 list=IPs_Bloqueados_L2TP add address=167.248.133.0/24 list=IPs_Bloqueados_L2TP add address=167.142.125.0/24 list=IPs_Bloqueados_L2TP add address=24.152.39.191 list=DNS-Maliciosos add address=51.161.125.3 list=DNS-Maliciosos add address=45.236.86.37 list=IPs_Liberados add address=45.236.86.133 list=IPs_Liberados add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local #error exporting /ip/firewall/calea /ip firewall filter add action=accept chain=forward dst-address=45.236.84.6 add action=drop chain=forward protocol=tcp src-port=0 add action=drop chain=forward log=yes log-prefix=SMTP_DROP port=25 protocol=tcp add action=accept chain=forward dst-address-list=ips-radio-voalle src-address=190.111.179.0/24 add action=accept chain=input comment="Gerencia Firewall" dst-address=45.236.84.0 dst-port=25000 in-interface=vlan11-BGP protocol=tcp src-address-list=ips-liberados add action=accept chain=forward comment="Gerencia Firewall" dst-address=45.236.84.6 dst-port=25000 in-interface=vlan11-BGP protocol=tcp src-address-list=ips-liberados add action=accept chain=forward comment="Acesso RB Sicoob" dst-address=45.236.84.177 dst-port=25000,10022 in-interface=vlan11-BGP protocol=tcp src-address-list=ips-liberados add action=accept chain=forward comment="Acesso RB sup. miguel" dst-address=45.236.86.35 dst-port=25000,10022 in-interface=vlan11-BGP protocol=tcp src-address-list=ips-liberados add action=accept chain=forward comment="Gerencia Firewall" dst-address=45.236.84.84 dst-port=25000 in-interface=vlan11-BGP protocol=tcp src-address-list=ips-liberados add action=accept chain=forward comment="Gerencia Equipamentos" dst-address-list=ips-equipamentos dst-port=25000 in-interface=vlan11-BGP protocol=tcp src-address-list=ips-liberados add action=accept chain=forward comment="Libera\E7\E3o de acesso aos servidores" dst-address=45.236.84.16/28 dst-port=22,9022 in-interface=vlan11-BGP protocol=tcp src-address=45.187.80.250 add action=accept chain=forward comment="Liberacao Synsuite" dst-address=45.236.84.16/28 in-interface=vlan11-BGP src-address=190.111.179.0/24 add action=drop chain=forward comment="Bloqueio acesso remoto nos servidores" dst-address=45.236.84.16/28 dst-port=22,23,9022 in-interface=vlan11-BGP protocol=tcp add action=drop chain=input comment="Bloqueio portas acesso" dst-address=45.236.84.0/22 dst-port=22,2211,9022,10022,12222,8291,25000 in-interface=vlan11-BGP protocol=tcp add action=drop chain=forward dst-address=45.236.84.0/22 dst-port=22,2211,9022,10022,12222,8291,25000 in-interface=vlan11-BGP protocol=tcp add action=accept chain=forward comment="Outras Regras" dst-address=45.236.86.92 add action=accept chain=forward dst-address=45.236.86.54 add action=accept chain=forward src-address=45.236.86.92 add action=accept chain=forward src-address=45.236.86.54 add action=drop chain=input disabled=yes src-address=45.187.80.250 add action=fasttrack-connection chain=forward hw-offload=yes /ip firewall nat add action=accept chain=dstnat dst-address=192.168.199.1 add action=dst-nat chain=dstnat dst-address-list=DNS-Maliciosos dst-port=53 protocol=udp to-addresses=45.236.84.18 to-ports=53 add action=accept chain=dstnat src-address=192.168.199.1 add action=dst-nat chain=dstnat comment="Redir de DNS dos IPs Bloqueados para os IPs da Protek" disabled=yes dst-address-list=!dns-Liberados dst-port=53 protocol=udp to-addresses=45.236.84.18 add action=accept chain=srcnat src-address=45.236.86.54 add action=accept chain=dstnat dst-address=45.236.86.54 add action=dst-nat chain=dstnat dst-address=45.236.84.0 dst-port=8290 protocol=tcp to-addresses=192.168.11.2 to-ports=25000 add action=accept chain=srcnat src-address=192.168.254.232/30 add action=accept chain=srcnat src-address=192.168.254.80/30 add action=accept chain=srcnat src-address=192.168.254.88/30 add action=dst-nat chain=dstnat comment="Acesso externo OLT VSOL Horizonte" dst-address=45.236.84.0 dst-port=55912 protocol=tcp src-address=45.187.80.250 to-addresses=192.168.20.2 to-ports=443 add action=accept chain=srcnat dst-address=192.168.254.80/30 add action=accept chain=srcnat dst-address=192.168.254.232 add action=accept chain=dstnat dst-address=45.236.84.0 src-address=192.144.73.19 add action=accept chain=srcnat dst-address=192.144.73.19 src-address=45.236.84.0 add action=accept chain=dstnat dst-address=192.144.73.19 src-address=45.236.84.0 add action=dst-nat chain=dstnat comment="# NZM ## Synsuite - Aviso_Bloqueio" protocol=tcp src-address-list=Aviso_Bloqueio to-addresses=45.236.84.24 to-ports=83 add action=dst-nat chain=dstnat comment="# NZM ## Synsuite - Bloqueado" protocol=tcp src-address-list=Bloqueado to-addresses=45.236.84.24 to-ports=84 add action=dst-nat chain=dstnat comment="# NZM ## Synsuite - Bloqueado" protocol=tcp src-address=192.168.50.0/24 to-addresses=45.236.84.24 to-ports=84 add action=dst-nat chain=dstnat comment="# NZM ## Synsuite - Bloqueado" protocol=tcp src-address=192.168.51.0/24 to-addresses=45.236.84.24 to-ports=84 add action=dst-nat chain=dstnat comment="NAT IXC <> OLT Huawei" dst-address=45.236.84.0 dst-port=55911 protocol=tcp to-addresses=192.168.15.2 to-ports=23 add action=dst-nat chain=dstnat comment="NAT <> OLT Huawei {SSH}" dst-address=45.236.84.1 dst-port=9221 protocol=tcp to-addresses=192.168.15.2 to-ports=22 add action=dst-nat chain=dstnat disabled=yes dst-address-list=IPs_Bloqueados dst-port=53 protocol=udp to-addresses=45.236.84.18 add action=dst-nat chain=dstnat disabled=yes dst-address=45.236.84.18 dst-port=53 protocol=udp to-addresses=45.236.84.19 add action=src-nat chain=srcnat disabled=yes out-interface-list=wan src-address=45.236.84.0/22 to-addresses=45.236.84.0 add action=dst-nat chain=dstnat dst-address=45.236.84.1 dst-port=18291 protocol=tcp to-addresses=192.168.11.2 to-ports=8291 add action=dst-nat chain=dstnat dst-address=45.236.84.1 dst-port=58006 protocol=tcp to-addresses=192.168.248.74 to-ports=8006 add action=dst-nat chain=dstnat dst-address=45.236.84.1 dst-port=20080 protocol=tcp to-addresses=100.64.1.174 to-ports=80 add action=dst-nat chain=dstnat dst-address=45.236.84.1 dst-port=20443 protocol=tcp to-addresses=100.64.1.174 to-ports=443 add action=src-nat chain=srcnat disabled=yes out-interface=vlan11-BGP src-address=192.168.200.12 to-addresses=45.236.84.113 add action=jump chain=srcnat comment="CGNAT1 NE8000 TCP" jump-target=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.0/22 add action=jump chain=srcnat comment="CGNAT1 NE8000 UDP" jump-target=cgnat1-NE-UDP protocol=udp src-address=100.80.0.0/22 add action=jump chain=srcnat comment="CGNAT1 NE8000 Outros Protocolos" jump-target=cgnat1-NE-Outros src-address=100.80.0.0/22 add action=jump chain=srcnat comment="CGNAT2 NE8000 TCP" jump-target=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.0/22 add action=jump chain=srcnat comment="CGNAT2 NE8000 UDP" jump-target=cgnat2-NE-UDP protocol=udp src-address=100.80.4.0/22 add action=jump chain=srcnat comment="CGNAT2 NE8000 Outros Protocolos" jump-target=cgnat2-NE-Outros src-address=100.80.4.0/22 add action=jump chain=srcnat comment="CGNAT 3 - NE - TCP" jump-target=cgnat-3-NE-TCP protocol=tcp src-address=100.80.8.0/21 add action=jump chain=srcnat comment="CGNAT 3 - NE - UDP" jump-target=cgnat-3-NE-UDP protocol=udp src-address=100.80.8.0/21 add action=netmap chain=srcnat comment="CGNAT 3 - NE - OUTROS" src-address=100.80.8.0/21 to-addresses=45.236.87.128/26 add action=src-nat chain=srcnat out-interface=vlan11-BGP src-address=100.80.0.0/23 to-addresses=45.236.84.112 add action=src-nat chain=srcnat out-interface=vlan11-BGP src-address=100.80.2.0/23 to-addresses=45.236.84.113 add action=src-nat chain=srcnat comment="CGNAT NZM 1" src-address=100.64.0.0/26 to-addresses=45.236.84.36 add action=src-nat chain=srcnat comment="CGNAT NZM 2" src-address=100.64.0.64/26 to-addresses=45.236.84.37 add action=src-nat chain=srcnat comment="CGNAT NZM 3" src-address=100.64.0.128/26 to-addresses=45.236.84.38 add action=src-nat chain=srcnat comment="CGNAT NZM 4" src-address=100.64.0.192/26 to-addresses=45.236.84.39 add action=src-nat chain=srcnat comment="CGNAT NZM 5" src-address=100.64.1.0/26 to-addresses=45.236.84.40 add action=src-nat chain=srcnat comment="CGNAT NZM 6" src-address=100.64.1.64/26 to-addresses=45.236.84.41 add action=src-nat chain=srcnat comment="CGNAT NZM 7" src-address=100.64.1.128/26 to-addresses=45.236.84.42 add action=src-nat chain=srcnat comment="CGNAT NZM 8" src-address=100.64.1.192/26 to-addresses=45.236.84.43 add action=src-nat chain=srcnat comment="CGNAT NZM 9" src-address=100.64.2.0/26 to-addresses=45.236.84.44 add action=src-nat chain=srcnat comment="CGNAT NZM 10" src-address=100.64.2.64/26 to-addresses=45.236.84.45 add action=src-nat chain=srcnat comment="CGNAT NZM 11" src-address=100.64.2.128/26 to-addresses=45.236.84.46 add action=src-nat chain=srcnat comment="CGNAT NZM 12" src-address=100.64.2.192/26 to-addresses=45.236.84.47 add action=src-nat chain=srcnat comment="CGNAT NZM 13" src-address=100.64.3.0/26 to-addresses=45.236.84.48 add action=src-nat chain=srcnat comment="CGNAT NZM 14" src-address=100.64.3.64/26 to-addresses=45.236.84.49 add action=src-nat chain=srcnat comment="CGNAT NZM 15" src-address=100.64.3.128/26 to-addresses=45.236.84.50 add action=src-nat chain=srcnat comment="CGNAT NZM 16" src-address=100.64.3.192/26 to-addresses=45.236.84.51 add action=src-nat chain=srcnat comment="CGNAT NZM 13" src-address=100.64.4.0/26 to-addresses=45.236.84.48 add action=src-nat chain=srcnat comment="CGNAT NZM 14" src-address=100.64.4.64/26 to-addresses=45.236.84.49 add action=src-nat chain=srcnat comment="CGNAT NZM 15" src-address=100.64.4.128/26 to-addresses=45.236.84.50 add action=src-nat chain=srcnat comment="CGNAT NZM 16" src-address=100.64.4.192/26 to-addresses=45.236.84.51 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.5.0/26 to-addresses=45.236.87.32 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.5.64/26 to-addresses=45.236.87.33 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.5.128/26 to-addresses=45.236.87.34 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.5.192/26 to-addresses=45.236.87.35 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.6.0/26 to-addresses=45.236.87.36 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.6.64/26 to-addresses=45.236.87.37 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.6.128/26 to-addresses=45.236.87.38 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.6.192/26 to-addresses=45.236.87.39 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.7.0/26 to-addresses=45.236.87.40 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.7.64/26 to-addresses=45.236.87.41 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.7.128/26 to-addresses=45.236.87.42 add action=src-nat chain=srcnat comment="CGNAT NZM BNG" src-address=100.64.7.192/26 to-addresses=45.236.87.43 add action=src-nat chain=srcnat comment="# NZM ## Mascarade CORE" src-address=100.65.0.0/23 to-addresses=45.236.84.52 add action=src-nat chain=srcnat comment="# NZM ## Mascarade SJ-3011" src-address=100.65.2.0/23 to-addresses=45.236.84.53 add action=src-nat chain=srcnat comment="# NZM ## Mascarade SBSJ1" src-address=100.65.4.0/23 to-addresses=45.236.84.54 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Planalto" src-address=100.65.6.0/23 to-addresses=45.236.84.55 add action=src-nat chain=srcnat comment="# NZM ## Mascarade SBSJ3" src-address=100.65.8.0/23 to-addresses=45.236.84.56 add action=src-nat chain=srcnat comment="# NZM ## Mascarade SBSJ2" src-address=100.65.10.0/23 to-addresses=45.236.84.57 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Rebras" src-address=100.65.12.0/23 to-addresses=45.236.84.58 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Pele" src-address=100.65.14.0/23 to-addresses=45.236.84.59 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Vilmar" src-address=100.65.16.0/23 to-addresses=45.236.84.60 add action=src-nat chain=srcnat comment="# NZM ## Mascarade VRural" src-address=100.65.18.0/23 to-addresses=45.236.84.61 add action=src-nat chain=srcnat comment="# NZM ## Mascarade SR" src-address=100.65.20.0/23 to-addresses=45.236.84.62 add action=src-nat chain=srcnat comment="# NZM ## Mascarade CeuAzul2" src-address=100.65.22.0/23 to-addresses=45.236.84.63 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Marco5" src-address=100.65.24.0/23 to-addresses=45.236.87.32 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Faz Random" src-address=100.65.26.0/23 to-addresses=45.236.87.33 add action=src-nat chain=srcnat comment="# NZM ## Mascarade SJ-CE" src-address=100.65.28.0/23 to-addresses=45.236.87.34 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Gaucho" src-address=100.65.30.0/23 to-addresses=45.236.87.35 add action=src-nat chain=srcnat comment="# NZM ## Mascarade JANGADA" src-address=100.65.34.0/23 to-addresses=45.236.87.36 add action=src-nat chain=srcnat comment="# NZM ## Mascarade JANGADA" src-address=100.65.36.0/23 to-addresses=45.236.87.37 add action=src-nat chain=srcnat comment="# NZM ## Mascarade JANGADA" src-address=100.65.38.0/23 to-addresses=45.236.87.38 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Torres Interior (via synsuite)" src-address=100.65.44.0/24 to-addresses=45.236.87.41 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Iratim" src-address=100.65.40.0/23 to-addresses=45.236.87.39 add action=src-nat chain=srcnat comment="# NZM ## Mascarade IratimVila" src-address=100.65.42.0/23 to-addresses=45.236.87.40 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Torre Marcio" src-address=100.65.45.0/26 to-addresses=45.236.87.41 add action=src-nat chain=srcnat comment="# NZM ## Mascarade ##Livre##" src-address=100.65.45.64/26 to-addresses=45.236.87.41 add action=src-nat chain=srcnat comment="# NZM ## Mascarade ##Livre##" src-address=100.65.45.128/25 to-addresses=45.236.87.41 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Nabor" src-address=100.65.46.0/23 to-addresses=45.236.87.42 add action=src-nat chain=srcnat comment="# NZM ## Mascarade Nabor" src-address=100.65.47.0/24 to-addresses=45.236.87.44 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.0/27 to-addresses=45.236.87.64/27 to-ports=1500-3499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.32/27 to-addresses=45.236.87.64/27 to-ports=3500-5499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.64/27 to-addresses=45.236.87.64/27 to-ports=5500-7499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.96/27 to-addresses=45.236.87.64/27 to-ports=7500-9499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.128/27 to-addresses=45.236.87.64/27 to-ports=9500-11499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.160/27 to-addresses=45.236.87.64/27 to-ports=11500-13499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.192/27 to-addresses=45.236.87.64/27 to-ports=13500-15499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.0.224/27 to-addresses=45.236.87.64/27 to-ports=15500-17499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.0/27 to-addresses=45.236.87.64/27 to-ports=17500-19499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.32/27 to-addresses=45.236.87.64/27 to-ports=19500-21499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.64/27 to-addresses=45.236.87.64/27 to-ports=21500-23499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.96/27 to-addresses=45.236.87.64/27 to-ports=23500-25499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.128/27 to-addresses=45.236.87.64/27 to-ports=25500-27499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.160/27 to-addresses=45.236.87.64/27 to-ports=27500-29499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.192/27 to-addresses=45.236.87.64/27 to-ports=29500-31499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.1.224/27 to-addresses=45.236.87.64/27 to-ports=31500-33499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.0/27 to-addresses=45.236.87.64/27 to-ports=33500-35499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.32/27 to-addresses=45.236.87.64/27 to-ports=35500-37499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.64/27 to-addresses=45.236.87.64/27 to-ports=37500-39499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.96/27 to-addresses=45.236.87.64/27 to-ports=39500-41499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.128/27 to-addresses=45.236.87.64/27 to-ports=41500-43499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.160/27 to-addresses=45.236.87.64/27 to-ports=43500-45499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.192/27 to-addresses=45.236.87.64/27 to-ports=45500-47499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.2.224/27 to-addresses=45.236.87.64/27 to-ports=47500-49499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.0/27 to-addresses=45.236.87.64/27 to-ports=49500-51499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.32/27 to-addresses=45.236.87.64/27 to-ports=51500-53499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.64/27 to-addresses=45.236.87.64/27 to-ports=53500-55499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.96/27 to-addresses=45.236.87.64/27 to-ports=55500-57499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.128/27 to-addresses=45.236.87.64/27 to-ports=57500-59499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.160/27 to-addresses=45.236.87.64/27 to-ports=59500-61499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.192/27 to-addresses=45.236.87.64/27 to-ports=61500-63499 add action=netmap chain=cgnat1-NE-TCP protocol=tcp src-address=100.80.3.224/27 to-addresses=45.236.87.64/27 to-ports=63500-65499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.0/27 to-addresses=45.236.87.64/27 to-ports=1500-3499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.32/27 to-addresses=45.236.87.64/27 to-ports=3500-5499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.64/27 to-addresses=45.236.87.64/27 to-ports=5500-7499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.96/27 to-addresses=45.236.87.64/27 to-ports=7500-9499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.128/27 to-addresses=45.236.87.64/27 to-ports=9500-11499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.160/27 to-addresses=45.236.87.64/27 to-ports=11500-13499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.192/27 to-addresses=45.236.87.64/27 to-ports=13500-15499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.0.224/27 to-addresses=45.236.87.64/27 to-ports=15500-17499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.0/27 to-addresses=45.236.87.64/27 to-ports=17500-19499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.32/27 to-addresses=45.236.87.64/27 to-ports=19500-21499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.64/27 to-addresses=45.236.87.64/27 to-ports=21500-23499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.96/27 to-addresses=45.236.87.64/27 to-ports=23500-25499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.128/27 to-addresses=45.236.87.64/27 to-ports=25500-27499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.160/27 to-addresses=45.236.87.64/27 to-ports=27500-29499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.192/27 to-addresses=45.236.87.64/27 to-ports=29500-31499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.1.224/27 to-addresses=45.236.87.64/27 to-ports=31500-33499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.0/27 to-addresses=45.236.87.64/27 to-ports=33500-35499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.32/27 to-addresses=45.236.87.64/27 to-ports=35500-37499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.64/27 to-addresses=45.236.87.64/27 to-ports=37500-39499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.96/27 to-addresses=45.236.87.64/27 to-ports=39500-41499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.128/27 to-addresses=45.236.87.64/27 to-ports=41500-43499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.160/27 to-addresses=45.236.87.64/27 to-ports=43500-45499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.192/27 to-addresses=45.236.87.64/27 to-ports=45500-47499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.2.224/27 to-addresses=45.236.87.64/27 to-ports=47500-49499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.0/27 to-addresses=45.236.87.64/27 to-ports=49500-51499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.32/27 to-addresses=45.236.87.64/27 to-ports=51500-53499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.64/27 to-addresses=45.236.87.64/27 to-ports=53500-55499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.96/27 to-addresses=45.236.87.64/27 to-ports=55500-57499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.128/27 to-addresses=45.236.87.64/27 to-ports=57500-59499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.160/27 to-addresses=45.236.87.64/27 to-ports=59500-61499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.192/27 to-addresses=45.236.87.64/27 to-ports=61500-63499 add action=netmap chain=cgnat1-NE-UDP protocol=udp src-address=100.80.3.224/27 to-addresses=45.236.87.64/27 to-ports=63500-65499 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.0/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.32/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.64/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.96/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.128/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.160/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.192/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.0.224/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.0/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.32/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.64/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.96/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.128/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.160/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.192/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.1.224/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.0/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.32/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.64/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.96/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.128/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.160/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.192/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.2.224/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.0/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.32/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.64/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.96/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.128/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.160/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.192/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat1-NE-Outros src-address=100.80.3.224/27 to-addresses=45.236.87.64/27 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.0/27 to-addresses=45.236.87.96/27 to-ports=1500-3499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.32/27 to-addresses=45.236.87.96/27 to-ports=3500-5499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.64/27 to-addresses=45.236.87.96/27 to-ports=5500-7499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.96/27 to-addresses=45.236.87.96/27 to-ports=7500-9499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.128/27 to-addresses=45.236.87.96/27 to-ports=9500-11499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.160/27 to-addresses=45.236.87.96/27 to-ports=11500-13499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.192/27 to-addresses=45.236.87.96/27 to-ports=13500-15499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.4.224/27 to-addresses=45.236.87.96/27 to-ports=15500-17499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.0/27 to-addresses=45.236.87.96/27 to-ports=17500-19499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.32/27 to-addresses=45.236.87.96/27 to-ports=19500-21499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.64/27 to-addresses=45.236.87.96/27 to-ports=21500-23499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.96/27 to-addresses=45.236.87.96/27 to-ports=23500-25499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.128/27 to-addresses=45.236.87.96/27 to-ports=25500-27499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.160/27 to-addresses=45.236.87.96/27 to-ports=27500-29499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.192/27 to-addresses=45.236.87.96/27 to-ports=29500-31499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.5.224/27 to-addresses=45.236.87.96/27 to-ports=31500-33499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.0/27 to-addresses=45.236.87.96/27 to-ports=33500-35499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.32/27 to-addresses=45.236.87.96/27 to-ports=35500-37499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.64/27 to-addresses=45.236.87.96/27 to-ports=37500-39499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.96/27 to-addresses=45.236.87.96/27 to-ports=39500-41499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.128/27 to-addresses=45.236.87.96/27 to-ports=41500-43499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.160/27 to-addresses=45.236.87.96/27 to-ports=43500-45499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.192/27 to-addresses=45.236.87.96/27 to-ports=45500-47499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.6.224/27 to-addresses=45.236.87.96/27 to-ports=47500-49499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.0/27 to-addresses=45.236.87.96/27 to-ports=49500-51499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.32/27 to-addresses=45.236.87.96/27 to-ports=51500-53499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.64/27 to-addresses=45.236.87.96/27 to-ports=53500-55499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.96/27 to-addresses=45.236.87.96/27 to-ports=55500-57499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.128/27 to-addresses=45.236.87.96/27 to-ports=57500-59499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.160/27 to-addresses=45.236.87.96/27 to-ports=59500-61499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.192/27 to-addresses=45.236.87.96/27 to-ports=61500-63499 add action=netmap chain=cgnat2-NE-TCP protocol=tcp src-address=100.80.7.224/27 to-addresses=45.236.87.96/27 to-ports=63500-65499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.0/27 to-addresses=45.236.87.96/27 to-ports=1500-3499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.32/27 to-addresses=45.236.87.96/27 to-ports=3500-5499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.64/27 to-addresses=45.236.87.96/27 to-ports=5500-7499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.96/27 to-addresses=45.236.87.96/27 to-ports=7500-9499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.128/27 to-addresses=45.236.87.96/27 to-ports=9500-11499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.160/27 to-addresses=45.236.87.96/27 to-ports=11500-13499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.192/27 to-addresses=45.236.87.96/27 to-ports=13500-15499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.4.224/27 to-addresses=45.236.87.96/27 to-ports=15500-17499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.0/27 to-addresses=45.236.87.96/27 to-ports=17500-19499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.32/27 to-addresses=45.236.87.96/27 to-ports=19500-21499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.64/27 to-addresses=45.236.87.96/27 to-ports=21500-23499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.96/27 to-addresses=45.236.87.96/27 to-ports=23500-25499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.128/27 to-addresses=45.236.87.96/27 to-ports=25500-27499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.160/27 to-addresses=45.236.87.96/27 to-ports=27500-29499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.192/27 to-addresses=45.236.87.96/27 to-ports=29500-31499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.5.224/27 to-addresses=45.236.87.96/27 to-ports=31500-33499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.0/27 to-addresses=45.236.87.96/27 to-ports=33500-35499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.32/27 to-addresses=45.236.87.96/27 to-ports=35500-37499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.64/27 to-addresses=45.236.87.96/27 to-ports=37500-39499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.96/27 to-addresses=45.236.87.96/27 to-ports=39500-41499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.128/27 to-addresses=45.236.87.96/27 to-ports=41500-43499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.160/27 to-addresses=45.236.87.96/27 to-ports=43500-45499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.192/27 to-addresses=45.236.87.96/27 to-ports=45500-47499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.6.224/27 to-addresses=45.236.87.96/27 to-ports=47500-49499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.0/27 to-addresses=45.236.87.96/27 to-ports=49500-51499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.32/27 to-addresses=45.236.87.96/27 to-ports=51500-53499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.64/27 to-addresses=45.236.87.96/27 to-ports=53500-55499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.96/27 to-addresses=45.236.87.96/27 to-ports=55500-57499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.128/27 to-addresses=45.236.87.96/27 to-ports=57500-59499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.160/27 to-addresses=45.236.87.96/27 to-ports=59500-61499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.192/27 to-addresses=45.236.87.96/27 to-ports=61500-63499 add action=netmap chain=cgnat2-NE-UDP protocol=udp src-address=100.80.7.224/27 to-addresses=45.236.87.96/27 to-ports=63500-65499 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.0/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.32/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.64/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.96/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.128/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.160/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.192/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.4.224/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.0/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.32/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.64/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.96/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.128/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.160/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.192/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.5.224/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.0/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.32/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.64/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.96/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.128/27 to-addresses=45.236.87.96/27 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.11.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat src-address=192.168.40.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal out-interface-list=wan src-address=192.168.99.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.98.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.104.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=10.0.0.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.100.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.101.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.102.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal out-interface=vlan11-BGP src-address=192.168.103.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal out-interface=vlan11-BGP src-address=192.168.200.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.250.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.248.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.253.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat dst-address-list=!redeLocal src-address=192.168.254.0/24 to-addresses=45.236.84.1 add action=src-nat chain=srcnat comment="IPs Invalidos OLT" src-address=100.64.0.0/10 to-addresses=45.236.84.1 add action=src-nat chain=srcnat comment="IPs Privados Clientes GNET" src-address=10.10.0.0/16 to-addresses=45.236.84.1 add action=src-nat chain=srcnat comment="IPs Publicos GNET" src-address=186.232.152.0/21 to-addresses=45.236.84.1 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.160/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.192/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.6.224/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.0/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.32/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.64/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.96/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.128/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.160/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.192/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat2-NE-Outros src-address=100.80.7.224/27 to-addresses=45.236.87.96/27 add action=netmap chain=cgnat-3-NE-TCP comment="CGNAT 3 - NE - TCP" protocol=tcp src-address=100.80.8.0/26 to-addresses=45.236.87.128/26 to-ports=1500-3499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.8.64/26 to-addresses=45.236.87.128/26 to-ports=3500-5499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.8.128/26 to-addresses=45.236.87.128/26 to-ports=5500-7499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.8.192/26 to-addresses=45.236.87.128/26 to-ports=7500-9499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.9.0/26 to-addresses=45.236.87.128/26 to-ports=9500-11499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.9.64/26 to-addresses=45.236.87.128/26 to-ports=11500-13499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.9.128/26 to-addresses=45.236.87.128/26 to-ports=13500-15499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.9.192/26 to-addresses=45.236.87.128/26 to-ports=15500-17499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.10.0/26 to-addresses=45.236.87.128/26 to-ports=17500-19499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.10.64/26 to-addresses=45.236.87.128/26 to-ports=19500-21499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.10.128/26 to-addresses=45.236.87.128/26 to-ports=21500-23499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.10.192/26 to-addresses=45.236.87.128/26 to-ports=23500-25499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.11.0/26 to-addresses=45.236.87.128/26 to-ports=25500-27499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.11.64/26 to-addresses=45.236.87.128/26 to-ports=27500-29499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.11.128/26 to-addresses=45.236.87.128/26 to-ports=29500-31499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.11.192/26 to-addresses=45.236.87.128/26 to-ports=31500-33499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.12.0/26 to-addresses=45.236.87.128/26 to-ports=33500-35499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.12.64/26 to-addresses=45.236.87.128/26 to-ports=35500-37499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.12.128/26 to-addresses=45.236.87.128/26 to-ports=37500-39499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.12.192/26 to-addresses=45.236.87.128/26 to-ports=39500-41499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.13.0/26 to-addresses=45.236.87.128/26 to-ports=41500-43499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.13.64/26 to-addresses=45.236.87.128/26 to-ports=43500-45499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.13.128/26 to-addresses=45.236.87.128/26 to-ports=45500-47499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.13.192/26 to-addresses=45.236.87.128/26 to-ports=47500-49499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.14.0/26 to-addresses=45.236.87.128/26 to-ports=49500-51499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.14.64/26 to-addresses=45.236.87.128/26 to-ports=51500-53499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.14.128/26 to-addresses=45.236.87.128/26 to-ports=53500-55499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.14.192/26 to-addresses=45.236.87.128/26 to-ports=55500-57499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.15.0/26 to-addresses=45.236.87.128/26 to-ports=57500-59499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.15.64/26 to-addresses=45.236.87.128/26 to-ports=59500-61499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.15.128/26 to-addresses=45.236.87.128/26 to-ports=61500-63499 add action=netmap chain=cgnat-3-NE-TCP protocol=tcp src-address=100.80.15.192/26 to-addresses=45.236.87.128/26 to-ports=63500-65499 add action=netmap chain=cgnat-3-NE-UDP comment="CGNAT 3 - NE - UDP" protocol=udp src-address=100.80.8.0/26 to-addresses=45.236.87.128/26 to-ports=1500-3499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.8.64/26 to-addresses=45.236.87.128/26 to-ports=3500-5499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.8.128/26 to-addresses=45.236.87.128/26 to-ports=5500-7499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.8.192/26 to-addresses=45.236.87.128/26 to-ports=7500-9499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.9.0/26 to-addresses=45.236.87.128/26 to-ports=9500-11499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.9.64/26 to-addresses=45.236.87.128/26 to-ports=11500-13499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.9.128/26 to-addresses=45.236.87.128/26 to-ports=13500-15499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.9.192/26 to-addresses=45.236.87.128/26 to-ports=15500-17499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.10.0/26 to-addresses=45.236.87.128/26 to-ports=17500-19499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.10.64/26 to-addresses=45.236.87.128/26 to-ports=19500-21499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.10.128/26 to-addresses=45.236.87.128/26 to-ports=21500-23499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.10.192/26 to-addresses=45.236.87.128/26 to-ports=23500-25499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.11.0/26 to-addresses=45.236.87.128/26 to-ports=25500-27499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.11.64/26 to-addresses=45.236.87.128/26 to-ports=27500-29499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.11.128/26 to-addresses=45.236.87.128/26 to-ports=29500-31499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.11.192/26 to-addresses=45.236.87.128/26 to-ports=31500-33499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.12.0/26 to-addresses=45.236.87.128/26 to-ports=33500-35499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.12.64/26 to-addresses=45.236.87.128/26 to-ports=35500-37499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.12.128/26 to-addresses=45.236.87.128/26 to-ports=37500-39499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.12.192/26 to-addresses=45.236.87.128/26 to-ports=39500-41499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.13.0/26 to-addresses=45.236.87.128/26 to-ports=41500-43499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.13.64/26 to-addresses=45.236.87.128/26 to-ports=43500-45499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.13.128/26 to-addresses=45.236.87.128/26 to-ports=45500-47499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.13.192/26 to-addresses=45.236.87.128/26 to-ports=47500-49499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.14.0/26 to-addresses=45.236.87.128/26 to-ports=49500-51499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.14.64/26 to-addresses=45.236.87.128/26 to-ports=51500-53499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.14.128/26 to-addresses=45.236.87.128/26 to-ports=53500-55499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.14.192/26 to-addresses=45.236.87.128/26 to-ports=55500-57499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.15.0/26 to-addresses=45.236.87.128/26 to-ports=57500-59499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.15.64/26 to-addresses=45.236.87.128/26 to-ports=59500-61499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.15.128/26 to-addresses=45.236.87.128/26 to-ports=61500-63499 add action=netmap chain=cgnat-3-NE-UDP protocol=udp src-address=100.80.15.192/26 to-addresses=45.236.87.128/26 to-ports=63500-65499 add action=src-nat chain=srcnat src-address=172.12.0.0/24 to-addresses=45.236.84.1 /ip firewall raw add action=drop chain=prerouting disabled=yes dst-address=45.236.84.0/22 in-interface=vlan11-BGP src-address-list=IPs_Bloqueados add action=accept chain=prerouting comment="SSH da Fourfibras" dst-address=45.236.84.16/28 dst-port=9022 in-interface=vlan11-BGP protocol=tcp src-address=45.187.80.250 add action=accept chain=prerouting comment="Libera\E7\E3o Servidores" dst-address=45.236.84.16/28 in-interface=vlan11-BGP protocol=tcp src-port=0-65535 add action=accept chain=prerouting dst-address=45.236.84.16/28 in-interface=vlan11-BGP protocol=udp src-port=0-65535 add action=drop chain=output dst-port=25 log=yes log-prefix=SMTP_DROP_RAW out-interface=vlan11-BGP protocol=tcp src-address=45.236.84.0/22 add action=drop chain=prerouting dst-address=45.236.84.0/22 dst-port=25 in-interface=vlan11-BGP log=yes log-prefix=SMTP_DROP_RAW protocol=tcp add action=accept chain=prerouting dst-address=45.236.87.255 add action=accept chain=prerouting src-address=45.236.84.116/30 add action=accept chain=prerouting src-address=45.236.86.54 add action=accept chain=prerouting dst-address=45.236.84.116/30 add action=accept chain=prerouting dst-address=45.236.86.54 add action=accept chain=prerouting comment="Liberacao Synsuite" dst-address=45.236.84.16/28 in-interface=vlan11-BGP src-address=190.111.179.0/24 add action=drop chain=prerouting dst-address-list=IPs_Protek_Clientes dst-port=0-499,501-1023 in-interface=vlan11-BGP protocol=tcp add action=drop chain=prerouting dst-address-list=IPs_Protek_Clientes dst-port=0-499,501-1023 in-interface=vlan11-BGP protocol=udp add action=drop chain=prerouting in-interface=!vlan11-BGP protocol=tcp src-address=45.236.84.0/22 src-port=0 add action=drop chain=prerouting dst-port=0 in-interface=!vlan11-BGP protocol=tcp src-address=45.236.84.0/22 add action=drop chain=prerouting in-interface=!vlan11-BGP protocol=udp src-address=45.236.84.0/22 src-port=0 add action=drop chain=prerouting dst-port=0 in-interface=!vlan11-BGP protocol=udp src-address=45.236.84.0/22 add action=drop chain=prerouting dst-address=45.236.84.0/22 in-interface=vlan11-BGP protocol=tcp src-port=0 add action=drop chain=prerouting dst-address=45.236.84.0/22 dst-port=0 in-interface=vlan11-BGP protocol=tcp add action=drop chain=prerouting dst-address=45.236.84.0/22 in-interface=vlan11-BGP protocol=udp src-port=0 add action=drop chain=prerouting dst-address=45.236.84.0/22 dst-port=0 in-interface=vlan11-BGP protocol=udp add action=drop chain=prerouting in-interface=vlan11-BGP src-address-list=IPs_Bloqueados_L2TP /ip route add check-gateway=ping disabled=no distance=121 dst-address=45.236.84.191/32 gateway=10.60.0.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add check-gateway=ping disabled=yes distance=100 dst-address=45.236.87.24/30 gateway=10.60.0.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=yes distance=121 dst-address=45.236.87.254/32 gateway=192.168.254.254 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no dst-address=100.80.0.0/22 gateway=192.168.254.93 add disabled=no dst-address=100.80.4.0/22 gateway=192.168.254.93 add disabled=no distance=121 dst-address=0.0.0.0/0 gateway=192.168.254.89%vlan11-BGP pref-src=45.236.84.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=109 dst-address=45.236.87.255/32 gateway=45.236.84.34 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=121 dst-address=45.236.84.116/30 gateway=192.168.99.142%vlan2080 pref-src="" routing-table=main scope=20 suppress-hw-offload=no target-scope=10 add disabled=no dst-address=45.236.84.176/30 gateway=10.0.0.242 routing-table=main suppress-hw-offload=no add disabled=no distance=110 dst-address=181.214.230.16/32 gateway=192.168.254.89%vlan11-BGP pref-src=45.236.84.0 routing-table=main scope=20 suppress-hw-offload=no target-scope=10 add check-gateway=ping comment="Rede usada no Banco do Brasil" disabled=no distance=100 dst-address=45.236.84.184/30 gateway=10.60.0.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no dst-address=45.236.84.0/22 gateway="" routing-table=main suppress-hw-offload=no /ipv6 route add disabled=no dst-address=2804:4de8:800:8001::/64 gateway=2804:4de8::2 add disabled=no dst-address=2804:4de8:1000::3/128 gateway=2804:4de8::2 add disabled=no distance=121 dst-address=::/0 gateway=2804:4de8:1002:19::1 routing-table=main scope=30 target-scope=10 /ip service set telnet disabled=yes set ftp address=192.168.15.2/32,45.236.84.34/32,45.236.84.6/32 set www address=45.236.84.34/32,45.236.84.6/32 port=8888 set ssh address=45.236.84.0/22 port=10022 set api address=192.168.199.1/32 set winbox address="45.236.84.0/22,45.236.86.37/32,45.236.84.34/32,192.168.0.0/16,177.10.56.96/32,177.10.56.141/32,45.187.80.250/32,181.214.230.16/32,172.12.0.0/24" port=25000 set api-ssl disabled=yes /ip smb set allow-guests=no interfaces=loopbridge /ip ssh set strong-crypto=yes /ip traffic-flow set enabled=yes interfaces=vlan601,vlan600,vlan3600 /ip traffic-flow target add dst-address=192.144.73.19 port=10054 version=5 /ipv6 address add address=2804:4de8:1002::1 advertise=no interface=sfp-sfpplus2 add address=2804:3b0:8200:2057::2 advertise=no disabled=yes interface=vlan3600 add address=2804:4de8::1 advertise=no interface=vlan15 add address=2804:4de8:800:80::33 advertise=no interface=ether2 add address=2804:4de8:1002:18::2 advertise=no interface=vlan10-BRAS add address=2804:4de8:1002:19::2 advertise=no interface=vlan11-BGP /ipv6 firewall address-list add address=2804:4de8::/32 list=bgp-networks add address=::ffff:202.112.238.254/128 list=IPs_Bloqueados_L2TP add address=2607:ff10:c8:594::e/128 list=IPs_Bloqueados_L2TP /ipv6 firewall raw add action=drop chain=prerouting dst-port=500 in-interface=vlan11-BGP protocol=tcp src-address-list=IPs_Bloqueados_L2TP add action=drop chain=prerouting dst-port=500 in-interface=vlan11-BGP protocol=udp src-address-list=IPs_Bloqueados_L2TP /ipv6 nd set [ find default=yes ] advertise-dns=no /ppp aaa set interim-update=20m use-radius=yes /radius incoming set accept=yes /routing bgp connection add address-families=ip,ipv6 cisco-vpls-nlri-len-fmt=auto-bits connect=yes input.filter=bgp-ggnet-in listen=yes local.address=172.24.227.2 .role=ebgp .ttl=64 multihop=yes name=ggnet-1-novo output.filter-chain=bgp-ggnet-out remote.address=177.155.141.254 .as=53062 .port=179 templates=default add address-families=ip,ipv6 cisco-vpls-nlri-len-fmt=auto-bits connect=yes input.filter=bgp-ggnet-in listen=yes local.address=172.24.227.2 .role=ebgp .ttl=64 multihop=yes name=ggnet-2-novo output.filter-chain=bgp-ggnet-out remote.address=186.211.109.254 .as=53062 .port=179 templates=default add address-families=ipv6 cisco-vpls-nlri-len-fmt=auto-bits connect=yes input.filter=bgp-ggv6-in listen=yes local.address=vlan58 .role=ebgp .ttl=64 multihop=yes name=ggnet-v6-1-novo output.filter-chain=bgp-ggv6-out remote.address=2804:3b0:8000:0:177:155:141:254 .as=53062 .port=179 templates=default add address-families=ipv6 cisco-vpls-nlri-len-fmt=auto-bits connect=yes input.filter=bgp-ggv6-in listen=yes local.address=vlan58 .role=ebgp .ttl=64 multihop=yes name=ggnet-v6-2-novo output.filter-chain=bgp-ggv6-out remote.address=2804:3b0:8000:0:186:211:109:254 .as=53062 .port=179 templates=default /routing filter rule add chain=bgp-ggnet-in disabled=no rule="if (dst == 10.0.0.0/8) { reject; }" add chain=bgp-ggnet-in disabled=no rule="if (dst == 100.64.0.0/10) { reject; }" add chain=bgp-ggnet-in disabled=no rule="if (dst == 172.16.0.0/12) { reject; }" add chain=bgp-ggnet-in disabled=no rule="if (dst == 192.168.0.0/16) { reject; }" add chain=bgp-ggnet-in disabled=no rule="if (dst == 45.236.84.0/22) { reject; }" add chain=bgp-ggnet-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 45.236.84.0; set bgp-local-pref 200; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 45.236.84.0/22) { set bgp-communities 53062:50048; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 45.236.84.0/23) { set bgp-communities 53062:50048; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 45.236.85.0/24) { set bgp-communities 53062:50048; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 45.236.86.0/23) { set bgp-communities 53062:50048; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 45.236.86.0/24) { set bgp-communities 53062:50048; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 45.236.87.0/24) { set bgp-communities 53062:50048; accept; }" add chain=bgp-ggnet-out disabled=no rule="if (dst == 0.0.0.0/0) { reject; }" add chain=bgp-ggnet-bit-in disabled=no rule="if (dst == 10.0.0.0/8) { reject; }" add chain=bgp-ggnet-bit-in disabled=no rule="if (dst == 100.64.0.0/10) { reject; }" add chain=bgp-ggnet-bit-in disabled=no rule="if (dst == 172.16.0.0/12) { reject; }" add chain=bgp-ggnet-bit-in disabled=no rule="if (dst == 192.168.0.0/16) { reject; }" add chain=bgp-ggnet-bit-in disabled=no rule="if (dst == 45.236.84.0/22) { reject; }" add chain=bgp-ggnet-bit-in disabled=no rule="if (dst == 0.0.0.0/0) { accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.84.0/22) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.84.0/23) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.84.0/24) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.85.0/24) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.86.0/23) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.86.0/24) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggnet-bit-out disabled=no rule="if (dst == 45.236.87.0/24) { set bgp-path-prepend 3; accept; }" add chain=bgp-ggv6-in disabled=no rule="if (dst in 2804:4de8::/32 && dst-len in 32-48) { reject; }" add chain=bgp-ggv6-in disabled=no rule="if (dst == ::/0) { accept; }" add chain=bgp-ggv6-in disabled=no rule="reject;" add chain=bgp-ggv6-out disabled=no rule="if (dst in 2804:4de8::/32 && dst-len in 32-48) { accept; }" add chain=bgp-ggv6-out disabled=no rule="if (not dst == 2804:4de8::/32) { reject; }" add chain=ibgpv6-in disabled=no rule="if (not dst == 2804:4de8::/32) { reject; }" add chain=ibgpv6-out disabled=no rule="if (dst == ::/0) { accept; }" add chain=ibgpv6-out disabled=no rule="if (not dst == 2804:4de8::/32) { reject; }" add chain=ospfv3-in disabled=no rule="if (dst == ::/0) { accept; }" add chain=ospfv3-in disabled=no rule="if (dst in 2804:4de8::/32) { accept; }" add chain=ospfv3-out disabled=no rule="if (dst in 2804:4de8::/32) { accept; }" /routing ospf interface-template add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=sfp-sfpplus2 networks=192.168.254.252/30 passive priority=1 add area=backbone-v2 auth-id=1 auth-key="" disabled=no interfaces=vlan201 networks=192.168.254.20/30 priority=1 type=nbma add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan202 networks=192.168.254.16/30 priority=1 type=nbma add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan203 networks=192.168.254.28/30 priority=1 type=nbma add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan204 networks=192.168.99.128/30 priority=1 type=nbma add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan205 networks=192.168.99.136/30 priority=1 type=nbma add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=yes interfaces=vlan206 networks=192.168.254.24/30 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan15 networks=172.16.10.0/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether2 networks=45.236.84.32/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan59 networks=192.168.254.240/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan58 networks=192.168.254.236/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan15 networks=192.168.254.232/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan2080 networks=192.168.99.140/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan10-BRAS networks=192.168.254.80/30 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan11-BGP networks=192.168.254.88/30 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan1499 networks=45.236.87.20/30 priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan500 networks=192.168.254.32/30 priority=1 type=nbma add area=backbone-v3 cost=10 disabled=no interfaces=sfp-sfpplus2 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=vlan59 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=vlan58 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=ether6 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=vlan15 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=ether2 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=vlan10-BRAS priority=1 type=ptp add area=backbone-v3 cost=10 disabled=no interfaces=vlan11-BGP priority=1 type=ptp /routing ospf static-neighbor add address=192.168.254.254%sfp-sfpplus2 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.254.22%vlan201 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.254.18%vlan202 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.254.30%vlan203 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.254.253%sfp-sfpplus2 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.99.130%vlan204 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.99.138%vlan205 area=backbone-v2 disabled=no poll-interval=1m add address=192.168.254.34%vlan500 area=backbone-v2 disabled=no /routing rip interface-template add disabled=yes instance=*2 interfaces=sfp-sfpplus2 /snmp set contact="Acacio Correa " enabled=yes location="[-26.42382277, -51.31382207]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=Protek-CGNAT /system leds set 0 interface=sfp-sfpplus1 leds=sfpplus1-led1 type=interface-speed set 1 leds=sfpplus1-led2 type=interface-activity set 2 leds=sfpplus2-led1 type=interface-speed set 3 leds=sfpplus2-led2 type=interface-activity /system logging set 0 topics=info,!firewall,!bgp,!ospf add action=memFirewall topics=info,firewall add action=memBgp topics=info,bgp add action=memOspf topics=info,ospf add action=remote topics=critical add action=remote topics=error add action=remote topics=warning add action=remote topics=info /system ntp client set enabled=yes /system ntp client servers add address=45.236.84.23 add address=200.160.0.8 /system scheduler add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=oct/24/2023 start-time=04:00:00 add name=reboot on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=nov/10/2023 start-time=05:00:00 add name=reboot2 on-event="/system routerboard upgrade\r\n/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=nov/10/2023 start-time=05:05:00 /system script add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistemas policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_firewall_cgnat.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-firewall_cgnat\" file=backup-mikrotik_firewall_cgnat.rsc start-tls=yes" /tool bandwidth-server set enabled=no /tool e-mail set address=smtps.uhserver.com.com from=financeiro@proteknet.com.br port=465 user=financeiro@proteknet.com.br /tool romon set enabled=yes