Citiraj:
Autor dadoremix
Code:
add action=dst-nat chain=dstnat comment="jo bi forvardal" dst-port=8080 in-interface=TU_DENI_INFERFACE protocol=tcp to-addresses=\10.0.9.10 to-ports=8080
znači tam gdje sam napisal .. tu deni interface .. dakle interface od interneta
ako si f briđ modu, znači pppoe ili kak se ti več zove |
add action=dst-nat chain=dstnat dst-port=8080 in-interface=ether1 protocol=tcp \
to-addresses=10.0.9.10 to-ports=8080
u ether1 je spojen A1 router, u ether2 desktop, u ether3 minix
Ne radi
Evo cijeli NAT
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=51413 in-interface=ether1 protocol=tcp \
to-addresses=10.0.9.10 to-ports=51413
add action=dst-nat chain=dstnat dst-port=8080 in-interface=ether1 protocol=tcp \
to-addresses=10.0.9.10 to-ports=8080
i Firewall filter:
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=forward connection-state=established,related
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN