/ip addressadd address=10.0.10.2/30 disabled=yes interface=ISP1 network=10.0.10.0
add address=10.0.20.2/30 disabled=yes interface=ISP2 network=10.0.20.0
add address=192.168.88.1/24 disabled=no interface=Local network=192.168.88.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=accept chain=prerouting comment=\
"====================================================================" \
disabled=no dst-address=192.168.88.0/30 src-address=192.168.88.0/30
add action=accept chain=prerouting disabled=yes dst-address=10.0.10.0/30 \
src-address=192.168.88.0/30
add action=accept chain=prerouting disabled=yes dst-address=10.0.20.0/30 \
src-address=192.168.88.0/30
add action=mark-connection chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark disabled=no in-interface=Link1Velox \
new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
in-interface=Link2Velox new-connection-mark=ISP2_conn passthrough=yes
add action=jump chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark disabled=no in-interface=Local jump-target=\
policy_router
add action=mark-routing chain=prerouting comment=\
"====================================================================" \
connection-mark=ISP1_conn disabled=no new-routing-mark=ISP1_traffic \
passthrough=yes src-address=192.168.88.0/30
add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=no \
new-routing-mark=ISP2_traffic passthrough=yes src-address=192.168.88.0/30
add action=mark-routing chain=output comment=\
"====================================================================" \
connection-mark=ISP1_conn disabled=no new-routing-mark=ISP1_traffic \
passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=no \
new-routing-mark=ISP2_traffic passthrough=yes
add action=mark-connection chain=policy_router comment=\
"====================================================================" \
disabled=no dst-address-type=!local new-connection-mark=ISP1_conn \
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=policy_router disabled=no dst-address-type=\
!local new-connection-mark=ISP2_conn passthrough=yes \
per-connection-classifier=both-addresses:2/1
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=Link1Velox
add action=masquerade chain=srcnat disabled=no out-interface=Link2Velox
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ISP1 disabled=no
set ISP2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set Local disabled=no
set Link1Velox disabled=yes
set Link2Velox disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Link1Velox \
routing-mark=ISP1_traffic scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/
routing-mark=ISP2_traffic scope=30 target-s
add disabled=no distance=2 dst-address=0.0.0.0/
target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/
target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-c
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k en
15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enable