Old 12.12.2016., 12:01   #46
jp_rv
Can someone help with the firewall?
I don't understand any of this. Filters, NATs, mangles, whatever the hell. Nothing works for me. Damn MikroTik.
In short: I want to be able to ping the MikroTik from the internet. That doesn't work right now.
And I need port forwards. Not many, but I need them.
On the *WRTs it was simple: "allow ping from wan side - yes". Done.
Same for port forwards: in port, out port, IP address. Done.

Here even the order of the filters and rules matters.
My firewall export.
Code:
/ip firewall filter
add chain=input in-interface=ether1-wan1 protocol=icmp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=ether4-wan2 protocol=icmp
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-s
    in-interface=ether1-wan1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
[admin@MikroTik] /ip firewall filter>
nat:
Code:
add action=masquerade chain=srcnat comment=wan1 out-interface=ether1-wan1 src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment=wan2 out-interface=ether4-wan2 src-address=192.168.4.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-wan1 protocol=tcp to-addresses=192.168.2.25 to-ports=8888
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-wan1 protocol=udp to-addresses=192.168.2.25 to-ports=8888
add action=dst-nat chain=dstnat dst-port=4711 in-interface=ether1-wan1 protocol=tcp to-addresses=192.168.2.150 to-ports=4711
add action=dst-nat chain=dstnat dst-port=4610 in-interface=ether1-wan1 protocol=udp to-addresses=192.168.2.150 to-ports=4610
add action=dst-nat chain=dstnat dst-port=4600 in-interface=ether1-wan1 protocol=tcp to-addresses=192.168.2.150 to-ports=4600
add action=dst-nat chain=dstnat dst-address=0.0.0.0 dst-port=7777 in-interface=ether1-wan1 protocol=tcp to-addresses=192.168.2.150 \
    to-ports=7777
add action=dst-nat chain=dstnat dst-address=0.0.0.0 dst-port=7777 in-interface=ether1-wan1 protocol=udp to-addresses=192.168.2.150 \
    to-ports=7777
add action=dst-nat chain=dstnat dst-port=23 in-interface=ether1-wan1 protocol=tcp to-addresses=192.168.2.150 to-ports=3389
add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether1-wan1 protocol=tcp to-addresses=192.168.2.20 to-ports=5060
add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether1-wan1 protocol=udp to-addresses=192.168.2.20 to-ports=5060
[admin@MikroTik] /ip firewall nat>
Help is welcome.
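The post's remark that rule order matters, shown as an added example that is not part of the original post: a minimal Python model of how RouterOS walks a filter chain (top to bottom, the first matching accept or drop rule decides, a rule without `action=` accepts, an unmatched packet is accepted). The rule set and the packet fields are constructed for illustration, and only equality, comma-list and `!` matchers are modelled.

```python
import shlex

# Constructed sample in RouterOS export syntax, modelled on the input chain above.
# The final "drop everything from WAN" rule is an assumption, not from the post.
SAMPLE = '''
add chain=input in-interface=ether1-wan1 protocol=icmp
add chain=input connection-state=established
add action=drop chain=input in-interface=ether4-wan2 protocol=icmp
add action=drop chain=input in-interface=ether1-wan1
'''

def parse_rules(export):
    """Turn 'add k=v ...' lines into dicts; a missing action means accept."""
    rules = []
    for line in export.strip().splitlines():
        tokens = shlex.split(line)  # shlex keeps quoted comment="..." values whole
        if not tokens or tokens[0] != "add":
            continue
        rule = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        rule.setdefault("action", "accept")
        rules.append(rule)
    return rules

def matches(rule, packet):
    """A rule matches when every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key in ("action", "comment"):
            continue
        negate = want.startswith("!")
        hit = packet.get(key) in want.lstrip("!").split(",")
        if hit == negate:
            return False
    return True

def verdict(rules, packet):
    """Return (action, rule index) of the first accept/drop rule that matches."""
    for index, rule in enumerate(rules):
        if rule["action"] in ("accept", "drop") and matches(rule, packet):
            return rule["action"], index
    return "accept", None  # end of chain reached: the packet is accepted

if __name__ == "__main__":
    ping = {"chain": "input", "in-interface": "ether1-wan1",
            "protocol": "icmp", "connection-state": "new"}
    rules = parse_rules(SAMPLE)
    print("as written:     ", verdict(rules, ping))
    print("drop rule first:", verdict(rules[-1:] + rules[:-1], ping))
```

With the same four rules, the ping is accepted when the ICMP rule comes first and dropped when the general drop rule is moved above it.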