Upload
kurniawan-setyo-nugroho
View
225
Download
0
Embed Size (px)
Citation preview
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 1/9
SISI MIKROTIK :
/ip adrress
- 172.19.196.1/24 interface prox- 192.16!.!!.1/24 interface "an- 192.16!.1.1/24 interface #ode#-1- 192.16!.2.1/24 interface #ode#-2
catatan : - dia" "e$at #i%roti% d&n #ode# s'& 'ri&de - ip #esin ('(nt( 172.19.196.1))
*rox +it
/ip fire$a"" #an&"e
add action,#ar%-pac%et cain,prero(tin& co##ent,prox-it disa'"ed,nodscp,12 ne$-pac%et-#ar%,prox-it passtro(&,es
/(e(e treeadd '(rst-"i#it,) '(rst-treso"d,) '(rst-ti#e,)s disa'"ed,no "i#it-at,) #ax-"i#it,) na#e,+IT pac%et-#ar%,prox-it parent,&"o'a"-o(t priorit,1 (e(e,defa("t
*00 R3 MRK ***o3 0O55
/ip fire$a"" #an&"eadd action,#ar%-connection cain,inp(t co##ent, *00 R3 ---- MRK ***o3 0O55 connection-state,ne$ disa'"ed,no in-interface,pppoe1 ne$-connection-#ar%,pppoe1conn passtro(&,es
add action,#ar%-connection cain,inp(t co##ent, connection-state,ne$ disa'"ed,no in-interface,pppoe2 ne$-connection-#ar%,pppoe2conn passtro(&,es
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no in-interface,pppoe1 ne$-connection-#ar%, pppoe1conn passtro(&,es
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no in-interface,pppoe2 ne$-connection-#ar%, pppoe2conn passtro(&,es
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no in-interface,pppoe1 ne$-connection-#ar%,pppoe1conn passtro(&,es
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no in-interface,pppoe2 ne$-connection-#ar%,pppoe2conn passtro(&,es
add action,#ar%-ro(tin& cain,o(tp(t co##ent, connection-#ar%,pppoe1conn disa'"ed,no ne$-ro(tin&-#ar%,pppoe1 passtro(&,no
add action,#ar%-ro(tin& cain,o(tp(t co##ent, connection-#ar%,pppoe2conn
disa'"ed,no ne$-ro(tin&-#ar%,pppoe2 passtro(&,no
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 2/9
*00 R3 MRK +TT* 0O55
/ip fire$a"" #an&"e
add action,#ar%-connection cain,prero(tin& co##ent, *00 R3 MRK +TT* 0O55 connection-state,esta'"ised disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface,prox ne$-connection-#ar%,ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface, prox ne$-connection-#ar%,ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface, prox ne$-connection-#ar%,ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface, prox ne$-connection-#ar%,ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",tcp
*00 R3 MRK 5O5 +TT* 0O55
/ip fire$a"" #an&"e
add action,#ar%-connection cain,prero(tin& co##ent, *00 R3 ---- MRK - 5O5 -+TT* 0O55 connection-state,esta'"ised
disa'"ed,no dst-address-tpe,8"oca" dst-port,8!) in-interface,"an ne$-connection-#ar%,non.ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no dst-address-tpe,8"oca" dst-port,8!) in-interface,"an ne$-connection-#ar%,non.ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" dst-port,8!) in-interface,"an ne$-connection-#ar%,non.ttppppoe1 passtro(&,es
per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" dst-port,8!) in-interface,"an ne$-connection-#ar%,non.ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no dst-address-tpe,8"oca" in-interface,"an ne$-connection-#ar%,non.ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",(dp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no dst-address-tpe,8"oca" in-interface,"an
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 3/9
ne$-connection-#ar%,non.ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",(dp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" in-interface,"an ne$-connection-#ar%,non.ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",(dp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" in-interface,"an ne$-connection-#ar%,non.ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",(dp
*00 R3 MRK +TT* dan 5O5 +TT* ROT3
/ip fire$a"" #an&"e
add action,#ar%-ro(tin& cain,prero(tin& co##ent, *00 R3 ---- MRK - +TT* ROT3 connection-#ar%,ttppppoe1 disa'"ed, no ne$-ro(tin&-#ar%,pppoe1 passtro(&,es
add action,#ar%-ro(tin& cain,prero(tin& co##ent, connection-#ar%, ttppppoe2 disa'"ed,no ne$-ro(tin&-#ar%,pppoe2 passtro(&,es
add action,#ar%-ro(tin& cain,prero(tin& co##ent, *00 R3 MRK 5O5 +TT* ROT3 connection-#ar%,non.ttppppoe1 disa'"ed,no ne$-ro(tin&-#ar%,pppoe1 passtro(&,es
add action,#ar%-ro(tin& cain,prero(tin& co##ent, connection-#ar%, non.ttppppoe2 disa'"ed,no ne$-ro(tin&-#ar%,pppoe2 passtro(&,es
5T
/ip fire$a"" natadd action,#as(erade cain,srcnat co##ent,MS3R31 disa'"ed,no o(t-interface,pppoe1
add action,#as(erade cain,srcnat co##ent,MS3R32 disa'"ed,no o(t-interface,pppoe2
add action,#as(erade cain,srcnat co##ent,MS3R3; disa'"ed,no o(t-interface,prox
add action,dst-nat cain,dstnat co##ent,TR5S*R35T-5S disa'"ed,no dst-port,
<; in-interface,"an protoco",(dp to-ports,<;
add action,dst-nat cain,dstnat co##ent, disa'"ed,no dst-port,<; in-interface,"an protoco",tcp to-ports,<;
add action,dst-nat cain,dstnat co##ent, disa'"ed,no dst-port,<; in-interface,prox protoco",(dp to-ports,<;
add action,dst-nat cain,dstnat co##ent, disa'"ed,no dst-port,<; in-interface,prox protoco",tcp to-ports,<;
add action,dst-nat cain,dstnat co##ent,TR5S*R35T-prox disa'"ed,no dst-address-"ist,8prox53T dst-port,!)=!)!)=;12! in-interface,"an
protoco",tcp to-addresses,172.19.196.1)) to-ports,;12!
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 4/9
add action,dst-nat cain,dstnat co##ent,R3MOT3 *RO>? disa'"ed,no dst-address,12<.16<.4).xxx dst-port,22 protoco",tcp to-addresses, 172.19.196.1)) to-ports,22
R3SS IST
/ip fire$a"" address-"istadd address,192.16!.!!.)/24 co##ent, disa'"ed,no "ist,"an53Tadd address,172.19.196.)/24 co##ent, disa'"ed,no "ist,prox53T
/ip ro(teadd cec%-&ate$a,pin& disa'"ed,no distance,1 dst-address,).).).)/)&ate$a, pppoe1 ro(tin&-#ar%,pppoe1 scope,;) tar&et-scope,1)add cec%-&ate$a,pin& disa'"ed,no distance,1 dst-address,).).).)/)&ate$a, pppoe2 ro(tin&-#ar%,pppoe2 scope,;) tar&et-scope,1)add cec%-&ate$a,pin& co##ent,efa("t-Ro(te-pppoe1-istance-1disa'"ed,no distance,1 dst-address,).).).)/) &ate$a,pppoe1 scope,;) tar&et-scope,1)add cec%-&ate$a,pin& co##ent,efa("t-Ro(te-pppoe2-istance-2disa'"ed,no distance,2 dst-address,).).).)/) &ate$a,pppoe2 scope,;) tar&et-scope,1)
*rox Side Settin&
'(nt( @ersi 1).)4
ari arddis% 16)A' di'a&i se'a&ai 'eri%(t:/'oot 1A' ext4 Boot C"a& Boot/ ;A' ext4 Sste#/(sr 4A' ext4 Static @aria'"e
/Dar 4A' ext4 @aria'"es$ap 1A' s$ap E1 x 'esaran RMF/o#e/prox1 1) A' /ReiserCS/o#e/prox2 1) A' /ReiserCS/o#e/prox; 1) A' /ReiserCS/o#e/sare EsisanaF ext4 Sare oc(#ents
Install Paket
- s(do apt-&et (pdate- s(do apt-&et insta"" s(id- s(do apt-&et insta"" s(id s(idc"ient s(id-c&i
- s(do apt-&et insta"" ccGe
sete"a se"esai insta"" pa%et "a%(%an edit s(id.conf
d&n "o%asi : /etc/s(id/s(id.conf
S(id.conf
H-----------------------------------HH *rox SerDer @ersi 2.7.Sta'"e6H ' %o'e"ex99aoo.co#H (pdate 11 J(ni 2)1)H-----------------------------------H
H---------------------------------------------------------------H
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 5/9
H *ortH---------------------------------------------------------------H
ttpport ;12! transparenticpport ;1;)preferdirect off
H---------------------------------------------------------------HH Men&atasi Cace'oo% B"an% sete"a "o&inH---------------------------------------------------------------H
serDerttp11 on
H---------------------------------------------------------------HH 0ace O'LectH---------------------------------------------------------------H
cace#e# ! MBcaces$ap"o$ 9!caces$api& 99#axfi"edesc !192#axi#(#o'LectsiGe 12! MB#ini#(#o'LectsiGe ) KB#axi#(#o'LectsiGein#e#or 12! KB
ipcacesiGe 1)24)ipcace"o$ 9!ipcacei& 99fdncacesiGe 4)96cacerep"ace#entpo"ic eap C#e#orrep"ace#entpo"ic eap ASC
H----------------------------------------------------------------HH cacedirH----------------------------------------------------------------H
cacedir a(fs /o#e/prox1 7))) 16 2<6cacedir a(fs /o#e/prox2 7))) 16 2<6cacedir a(fs /o#e/prox; 7))) 16 2<6
caceaccess"o& /Dar/"o&/s(id/access."o&cace"o& /Dar/"o&/s(id/cace."o&cacestore"o& nonepidfi"ena#e /Dar/r(n/s(id.pidcaces$ap"o& /Dar/"o&/s(id/s$ap.state
dnsna#eserDers /etc/reso"D.confe#("atettpd"o& offostsfi"e /etc/ostsa"fc"osedc"ients offne&atiDett" 1 #in(tes
H---------------------------------------------------------------HH R("es: Safe *ortH---------------------------------------------------------------H
ac" a"" src ).).).)/).).).)ac" #ana&er proto caceo'Lectac" "oca"ost src 127.).).1/2<<.2<<.2<<.2<<
ac" to"oca"ost dst 127.).).)/!ac" SSports port 44; <6; !7; H ttps sne$s rsnc
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 6/9
ac" Safeports port !) H ttpac" Safeports port 2) 21 H ftpac" Safeports port 7) H &operac" Safeports port 21) H $aisac" Safeports port 1)2<-6<<;< H (nre&istered portsac" Safeports port 6;1 H c(psac" Safeports port 1)))) H $e'#inac" Safeports port 9)1 H STac" Safeports port 2!) H ttp-#&#tac" Safeports port 4!! H &ss-ttpac" Safeports port <91 H fi"e#a%erac" Safeports port 777 H #("ti"in& ttpac" Safeports port !7; H rsncac" Safeports port 11) H *O*;ac" Safeports port 2< H SMT*ac" Safeports port 2)9< 2)96 H $e'#ai" fro# cpane"ac" Safeports port 2)!2 2)!; H cpane"
ac" p(r&e #etod *RA3ac" 0O5530T #etod 0O5530Tttpaccess a""o$ #ana&er "oca"ostttpaccess den #ana&erttpaccess a""o$ p(r&e "oca"ostttpaccess den p(r&ettpaccess den 8Safeports 8SSportsttpaccess den 0O5530T 8SSports 8Safeports
H---------------------------------------------------------------HH Refres *atternH---------------------------------------------------------------H
H pict(res i#a&es
refrespattern -i .E&ifNpn&NLpe&NLp&N'#pNtifNtiffNicoF 1))!) <)P 4;2))oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-re"oad i&nore-no-cace i&nore-a(t i&nore-priDaterefrespattern -i .Ex#"Nt#"Nt#NLsNtxtNcssNppF 1))!) <)P 4;2))oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-re"oad i&nore-no-cace i&nore-a(t
Hso(nd= Dideo #("ti#ediarefrespattern -i .Ef"DNx-f"DN#oDNaDiNtN#p&N#pe&Ns$fF 1))!) <)P 4;2))oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-re"oad i&nore-no-cacerefrespattern -i .E$aDN#p;N#p4Na(N#idF 1))!) <)P 4;2)) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-re"oad i&nore-no-cace i&nore-a(t
i&nore-priDate
H fi"esrefrespattern -i .EisoNde'Nrp#NGipNtarNt&GNra#NrarN'inNpptNdocF 1))!)9)P 4;2)) i&nore-no-cace i&nore-a(trefrespattern -i .EGipN&GNarLN"aN"GF 1))!) 1))P 4;2)) oDerride-expirei&nore-no-cace i&nore-a(trefrespattern -i .ErarNt&GNtarNexeN'inF 1))!) 1))P 4;2)) oDerride-expire i&nore-no-cace i&nore-a(trefrespattern -i .ExNpdfNrtfNdocNs$fF 1))!) 1))P 4;2)) oDerride-expire i&nore-no-cace i&nore-a(trefrespattern -i .EincNca'NadNtxtNd""F 1))!) 1))P 4;2)) oDerride-expirei&nore-no-cace i&nore-a(t
H -- refres pattern for specific sites -- H
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 7/9
refrespattern Qttp://.Lo'street.co#./. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od i&nore-no-cacerefrespattern Qttp://.indo$e'ster.co#./. 72) 1))P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-re"oad i&nore-no-cacei&nore-a(trefrespattern Qttp://.21cinep"ex./. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-re"oad i&nore-no-cace i&nore-a(trefrespattern Qttp://.at#aLaa./. 72) 1))P 1))!) oDerride-expirei&nore-no-cace i&nore-a(trefrespattern Qttp://.%o#pas./. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.tein(irer./. 72) 1))P 1))!) oDerride-expirei&nore-no-cace i&nore-a(trefrespattern Qttp://.'"o&spot.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.$ordpress.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cacerefrespattern Qttp://.poto'(c%et.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.tinpic.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.i#a&esac%.(s/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.%as%(s./. 72) 1))P 2!!)) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://$$$.%as%(s.co#/. 72) 1))P 2!!)) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.deti%./. 72) <)P 2!!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.deti%ne$s./. 72) <)P 2!!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://Dideo."ip(tan6.co#/. 72) 1))P 1))!) oDerride-
expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://static."ip(tan6.co#/. 72) 1))P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.friendster.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od i&nore-no-cace i&nore-a(trefrespattern Qttp://.face'oo%.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://apps.face'oo%.co#/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.f'cdn.net/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://profi"e.a%.f'cdn.net/. 72) 1))P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(t
refrespattern Qttp://static.p"aspoon.co#/. 72) 1))P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://coo%in&.&a#e.p"aspoon.co#/. 72) 1))P 1))!)oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern -i ttp://Qa-G.one#an&a.co#/U 72) !)P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://#ediaU.one#an&a.co#/. 72) !)P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.aoo.co#/. 72) !)P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(trefrespattern Qttp://.&oo&"e.co#/. 72) !)P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(t
refrespattern Qttp://.for(##i%roti%.co#/. 72) !)P 1))!) oDerride-expire oDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(t
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 8/9
refrespattern Qttp://."in(x.or.id/. 72) 1))P 1))!) oDerride-expireoDerride-"ast#od re"oad-into-i#s i&nore-no-cace i&nore-a(t
Hdefa("t optionrefrespattern Qftp: 144) 2)P 1))!)refrespattern Q&oper: 144) )P 144)refrespattern -i E/c&i-'in/NUF ) )P )refrespattern . ) 2)P 4;2)
H---------------------------------------------------------------HH O3 003SSH---------------------------------------------------------------H
ac" prox%( src 172.19.196.)/24ttpaccess a""o$ prox%(ttpaccess a""o$ "oca"ostttpaccess den a""ttprep"access a""o$ a""icpaccess a""o$ prox%(icpaccess a""o$ "oca"osticpaccess den a""a"$asdirect den a""
H---------------------------------------------------------------HH 0ace 0AI d#inistratiDeH---------------------------------------------------------------H
cace#&r %o'e"ex99aoo.co#Disi'"eostna#e dns.prox%(.netcaceeffectiDe(ser proxcaceeffectiDe&ro(p proxcored(#pdir /Dar/spoo"/s(id
s(tdo$n"ifeti#e 1) seconds"o&fi"erotate 14
H-----------------------------------------------------------------HHtcpo(t&oin&tos )x;) "oca"netH-----------------------------------------------------------------H
Gp#ode tosGp"oca" )x;)Gpparent )Gpoption 1;6
stop squid dgn perintah s(id stop
Memberikan permission pada folder cacheco$n -R prox.prox /o#e/proxco$n prox.prox /Dar/"o&/s(id/access."o&
Membuat folder-folder swap/cache di dalam folder cache yang telahditentukans(id -f /etc/s(id/s(id.conf -G
Restart squid.s(id restart
8/9/2019 Sisi Mikrotik
http://slidepdf.com/reader/full/sisi-mikrotik 9/9
5o *rox Re#oDe Tis R("e
/ip fire$a"" nat
add action,dst-nat cain,dstnat co##ent,TR5S*R35T-prox disa'"ed,no dst-address-"ist,8prox53T dst-port,!)=!)!)=;12! in-interface,"an protoco",tcp to-addresses,172.19.196.1)) to-ports,;12!/co"or
/ip fire$a"" #an&"e
add action,#ar%-connection cain,prero(tin& co##ent, *00 R3 ---- MRK - +TT* 0O55 connection-state,esta'"iseddisa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface,prox ne$-connection-#ar%,ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, esta'"ised disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface, prox ne$-connection-#ar%,ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface, prox ne$-connection-#ar%,ttppppoe1 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/) protoco",tcp
add action,#ar%-connection cain,prero(tin& co##ent, connection-state, re"ated disa'"ed,no dst-address-tpe,8"oca" dst-port,!) in-interface, prox ne$-connection-#ar%,ttppppoe2 passtro(&,es per-connection-c"assifier,'ot-addresses-and-ports:2/1 protoco",tcp