MikroTik RouterOS 5.2 (c) 1999-2011
MikroTik Routers and Wireless
[admin@Balance 8293] > ip
[admin@Balance 8293] /ip> fi
[admin@Balance 8293] /ip firewall> export
# Address lists referenced by the mangle rules in this export.
# `loopback` is only a list name here: its entries are public destinations
# (banks, speed-test hosts, media sites, per the comment= labels), not loopback
# addresses. The mangle rule with dst-address-list=loopback accepts traffic to
# these destinations before the PCC rules run, so they are never load-balanced.
# NOTE(review): the comment= labels are the only record of who owns each range
# and nothing in this export verifies them. Re-check ownership periodically:
# every entry widens the set of destinations that skip the balancing marks.
/ip firewall address-list
# "Minha Conexao" = "my connection".
add address=66.96.239.0/24 comment="Minha Conexao " disabled=no list=loopback
add address=200.196.144.0/20 comment="BANCO - ITAU" disabled=no list=loopback
add address=200.220.176.0/20 comment="BANCO - SANTANDER / REAL / BANESPA" \
disabled=no list=loopback
add address=200.201.160.0/20 comment="BANCO - CAIXA" disabled=no list=loopback
add address=201.33.144.0/20 comment="BANCO - BB" disabled=no list=loopback
# NOTE(review): this and the other /16 entries below (200.252.0.0/16,
# 200.251.0.0/16, 161.113.0.0/16) each exempt 65,536 addresses; confirm the
# whole range really belongs to the organisation named in the label.
add address=170.66.0.0/16 comment="BANCO - BB" disabled=no list=loopback
add address=200.252.0.0/16 comment="BANCO - SICOOB" disabled=no list=loopback
add address=200.251.0.0/16 comment="BANCO - MERCANTIL DO BRASIL" disabled=no \
list=loopback
add address=161.113.0.0/16 comment="BANCO - HSBC" disabled=no list=loopback
# Already covered by the 200.155.80.0-200.155.255.255 range entries further down.
add address=200.155.107.0/24 comment="BANCO - UNIBANCO" disabled=no list=\
loopback
add address=69.17.117.207 comment=SPEED_TEST disabled=no list=loopback
add address=200.159.128.189 comment=RJNET disabled=no list=loopback
add address=200.195.144.42 comment=COPEL disabled=no list=loopback
add address=189.45.12.3 comment="SPEED TEST - RJ" disabled=no list=loopback
add address=209.85.153.85 comment=ORKUT disabled=no list=loopback
# NOTE(review): no comment= label, so the purpose of this entry cannot be
# audited from the export. The same applies to 85.17.79.0/24, 208.69.32.0/24,
# 208.67.217.0/24, the three 200.201.x.0/24 entries and 200.220.190.0/24 below.
add address=64.4.20.169 disabled=no list=loopback
add address=62.212.84.0/24 comment="YAP TUBE" disabled=no list=loopback
add address=85.17.79.0/24 disabled=no list=loopback
add address=67.195.0.0/24 comment=YAHOO disabled=no list=loopback
# 200.220.186.0/24 and 200.220.178.0/24 (and 200.220.190.0/24 below) already
# fall inside 200.220.176.0/20 above, which carries a different bank label.
add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
add address=208.69.32.0/24 disabled=no list=loopback
add address=208.67.217.0/24 disabled=no list=loopback
add address=208.84.247.0/24 comment="Vdeos - terratv" disabled=no list=\
loopback
# The next three /24 entries already fall inside 200.201.160.0/20 above.
add address=200.201.166.0/24 disabled=no list=loopback
add address=200.201.173.0/24 disabled=no list=loopback
add address=200.201.174.0/24 disabled=no list=loopback
add address=200.141.207.3 comment=Detran disabled=no list=loopback
add address=69.5.88.0/24 comment=Megaupload disabled=no list=loopback
add address=200.220.190.0/24 disabled=no list=loopback
add address=187.60.39.98 comment="Servidor SKY" disabled=no list=loopback
add address=200.154.56.0/24 comment=terra disabled=no list=loopback
add address=201.7.178.0/24 comment=globo disabled=no list=loopback
add address=200.155.80.0-200.155.255.255 comment=bradesco disabled=no list=\
loopback
add address=201.7.180.0/24 comment=globo disabled=no list=loopback
add address=201.7.176.0/24 comment=globo disabled=no list=loopback
# Duplicate: same range as the `bradesco` entry a few lines above; only the
# case of the label differs.
add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=\
loopback
add address=186.192.80.0/24 comment="globo fash" disabled=no list=loopback
add address=187.16.27.162 comment=www.aceppms.com.br disabled=no list=loopback
add address=200.246.58.0/24 comment=www.scpc.inf.br disabled=no list=loopback
add address=200.152.225.0/24 comment=www.losango.com.br disabled=no list=\
loopback
add address=201.77.87.0/24 comment="BANCO - SICREDI" disabled=no list=loopback
add address=69.163.186.0/24 comment=mundoaz.com disabled=no list=loopback
add address=200.160.2.3 comment=registro.br disabled=no list=loopback
add address=200.149.32.221 comment=tv disabled=no list=loopback
# Separate list GERENCIANET with a single host.
# NOTE(review): no filter, mangle or NAT rule in this export references
# GERENCIANET, so as exported it has no effect. If it is meant to name a
# trusted management source, no rule here enforces that - confirm.
add address=186.233.145.34 disabled=no list=GERENCIANET
# Connection-tracking settings. Tracking is enabled; the masquerade and
# connection-mark rules in this export depend on it.
# Timeouts set below: closing TCP states (close, close-wait, fin-wait,
# last-ack, time-wait) expire after 10s, half-open SYN states after 5s,
# established TCP after 1 day, UDP after 10s (3 minutes for UDP streams),
# ICMP after 10s, and any other protocol after 10 minutes.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off. Combined with the
# absence of input-chain filter rules in this export, confirm that SYN-flood
# protection for the router is provided somewhere else.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Filter table. Only the forward chain has rules; this export contains no
# input-chain rules at all.
# NOTE(review): RouterOS accepts packets that match no filter rule. As
# exported, every service running on the router itself is therefore reachable
# on every interface, including the PPPoE uplinks, unless it is restricted
# outside /ip firewall (not visible here). The session banner reports
# RouterOS 5.2, so exposed management services are a particular concern.
# A hardened baseline would accept established/related traffic, drop invalid
# packets, allow management only from a trusted source list, and drop
# everything else that arrives on the uplinks.
/ip firewall filter
# Drops forwarded TCP traffic to destination port 7001 (labelled "webcam").
add action=drop chain=forward comment=webcam disabled=no dst-port=7001 \
protocol=tcp
# Accepts forwarded TCP traffic to destination port 1863. No later rule in the
# forward chain drops anything, so this accept does not change the outcome.
add action=accept chain=forward disabled=no dst-port=1863 protocol=tcp
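# Mangle rules: policy routing across several uplinks with
# per-connection-classifier (PCC). Rule order is significant:
#   1. accept rules exempt selected destinations (no marks are applied)
#   2. a routing mark for HTTPS
#   3. output-chain rules for traffic originated by the router itself
#   4. PCC rules that put a connection mark on traffic arriving on `saida`
#   5. prerouting rules that turn the connection mark into a routing mark
/ip firewall mangle
# "FORA DO LOADBALACED" = "outside the load balancer".
# Fixed: this rule used dst-address-list=200.220.178.3, which names an address
# list that does not exist in this export, so it could never match. Matching
# the single host with dst-address= is what the rule's comment describes.
add action=accept chain=prerouting comment=\
"FORA DO LOADBALACED BANCO SANTANDER" disabled=no dst-address=\
200.220.178.3 in-interface=saida
# Destinations in the `loopback` address list are accepted here, which ends
# mangle processing for them: they get no connection or routing mark.
add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no \
dst-address-list=loopback in-interface=saida
# Gives TCP/443 the routing mark to_dsl1.
# NOTE(review): with passthrough=yes the later mark-routing rules overwrite
# this mark whenever the connection carries a dslN_conn mark, so HTTPS is not
# actually pinned to one uplink. If pinning is the goal (sites that bind a
# session to the client address), passthrough=no would keep the mark here;
# confirm the intent before changing it.
add action=mark-routing chain=prerouting comment=\
"Navegacao em sites https-encriptados" disabled=no dst-port=443 \
new-routing-mark=to_dsl1 passthrough=yes protocol=tcp
# Output chain: map each connection mark to its routing mark for traffic
# generated by the router.
add action=mark-routing chain=output connection-mark=dsl1_conn disabled=no \
new-routing-mark=to_dsl1 passthrough=yes
add action=mark-routing chain=output connection-mark=dsl2_conn disabled=no \
new-routing-mark=to_dsl2 passthrough=yes
add action=mark-routing chain=output connection-mark=dsl3_conn disabled=no \
new-routing-mark=to_dsl3 passthrough=yes
add action=mark-routing chain=output connection-mark=dsl4_conn disabled=no \
new-routing-mark=to_dsl4 passthrough=yes
# NOTE(review): this rule has no connection-mark matcher and the four rules
# above use passthrough=yes, so every packet in the output chain ends up with
# to_embratel, replacing any to_dslN mark set just above.
add action=mark-routing chain=output disabled=no new-routing-mark=to_embratel \
passthrough=yes
# PCC: a hash over both addresses and both ports, modulo 9; each rule claims
# one remainder. Remainders 0-3 -> dsl1_conn, 4-7 -> dsl2_conn, 8 -> dsl3_conn.
# All rules use passthrough=yes, so a later rule that matches the same
# remainder replaces the connection mark set by an earlier one.
add action=mark-connection chain=prerouting comment="===== Balance_PCC =====" \
disabled=no dst-address-type=!local in-interface=saida \
new-connection-mark=dsl1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:9/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/3
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/4
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/5
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/6
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/7
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/8
# NOTE(review): with denominator 9 the only possible remainders are 0-8, so
# remainder 10 never occurs and this rule never matches. Left unchanged
# because the intended remainder cannot be determined from the export.
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl4_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/10
# NOTE(review): 9/5 is already claimed above for dsl2_conn. This later rule
# wins, so remainder-5 connections end up marked dsl4_conn.
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=saida new-connection-mark=dsl4_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/5
# "observar" = "watch / keep an eye on".
# NOTE(review): 9/7 is already claimed above for dsl2_conn and is replaced
# here by embratel_conn. Unlike the other PCC rules this one has no
# in-interface or dst-address-type matcher, so it applies to packets arriving
# on any interface. No prerouting rule in this section maps embratel_conn to a
# routing mark.
add action=mark-connection chain=prerouting comment=observar disabled=no \
new-connection-mark=embratel_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:9/7
# Translate the connection mark into the routing mark that selects the uplink.
# NOTE(review): the NAT section of this export has the masquerade rules for
# pppoe-out3 and pppoe-out4 disabled while to_dsl3/to_dsl4 are still assigned
# here; check where those routing marks lead (routes are not shown).
add action=mark-routing chain=prerouting comment=\
"===== Marking all the packets =====" connection-mark=dsl1_conn disabled=\
no in-interface=saida new-routing-mark=to_dsl1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=dsl2_conn disabled=no \
in-interface=saida new-routing-mark=to_dsl2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=dsl3_conn disabled=no \
in-interface=saida new-routing-mark=to_dsl3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=dsl4_conn disabled=no \
in-interface=saida new-routing-mark=to_dsl4 passthrough=yes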
# Source NAT: masquerade traffic leaving through each PPPoE uplink.
# The rules for pppoe-out1 and pppoe-out2 are active; the rules for pppoe-out3
# and pppoe-out4 are present but disabled=yes. No dst-nat rules are defined.
# NOTE(review): the mangle section still assigns dsl3_conn/dsl4_conn and
# to_dsl3/to_dsl4. If those routing marks lead to pppoe-out3/pppoe-out4
# (routes are not shown), that traffic would leave without source NAT.
# There is also no masquerade rule for whichever interface the to_embratel
# routing mark uses - confirm against the routing table.
/ip firewall nat
add action=masquerade chain=srcnat comment="===== Masquerade Interfaces =====" \
disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-out3
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-out4
# Connection-tracking helpers (NAT application-layer gateways). All six are
# enabled: FTP on 21, TFTP on 69, IRC on 6667, H.323, SIP on 5060 and 5061,
# and PPTP.
# NOTE(review): each helper inspects application payload and lets related
# connections through NAT on the client's behalf. Helpers for protocols the
# network does not use (IRC, H.323 and TFTP are the usual candidates) are
# unnecessary attack surface; consider disabling them after confirming that
# no client depends on them.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@Balance 8293] /ip firewall>