interminable Posted May 4, 2016 Posted May 4, 2016 Помогите настроить как из локальной сети подключаться на адрес интернета? Т.е. находясь дома иметь возможность подключиться допустим к камерам наблюдения не на локальный адрес камеры, а на интернет адрес маршрутизатора? Пока получается только удаленно на интернет адрес или локально на локальный.
# RouterOS export of the poster's NAT and filter rules, restored to one command per line.
# Rules within a chain are evaluated top to bottom, so their order is part of the behaviour.
/ip firewall nat
# Port forward: TCP/80 sent to 193.13.13.14 is rewritten to 10.10.10.11:80.
# The in-interface=ether2-WAN matcher limits this to packets arriving from the WAN side, so a
# LAN client connecting to 193.13.13.14 does not match it. That fits the symptom in the post
# (works remotely, not from the LAN).
# NOTE(review): this publishes a plain-HTTP service (a camera, per the post) to any source on
# the Internet; consider adding a src-address restriction or reaching it through the VPN.
add action=netmap chain=dstnat dst-address=193.13.13.14 dst-port=80 in-interface=ether2-WAN \
    log-prefix=TPLINK protocol=tcp to-addresses=10.10.10.11 to-ports=80
# Rewrites the source of every TCP/80 connection to 10.10.10.11 to 10.10.10.10. There is no
# src-address or interface matcher, so forwarded Internet clients are covered too and the
# target host sees and logs only 10.10.10.10 (presumably the router's LAN address - confirm).
add action=src-nat chain=srcnat dst-address=10.10.10.11 dst-port=80 log-prefix=TPLINK protocol=tcp \
    to-addresses=10.10.10.10
# Redirects UDP/53 arriving on ether5-LAN to the router itself; TCP/53 is not redirected.
add action=redirect chain=dstnat comment="DNS default" dst-port=53 in-interface=ether5-LAN protocol=udp
add action=masquerade chain=srcnat out-interface=ether2-WAN
# Masquerades everything leaving through ether5-LAN, so hosts behind it never see the original
# source address of forwarded traffic and cannot log or filter on it.
add action=masquerade chain=srcnat out-interface=ether5-LAN
# Disabled (disabled=yes); has no effect as exported.
add action=masquerade chain=srcnat comment="Routes LAN" disabled=yes dst-address=192.168.0.0/23 \
    out-interface=ether5-LAN src-address=10.10.10.0/25
/ip firewall filter
# NOTE(review): packets of fasttracked connections bypass the filter table, so the forward-chain
# drops further down (spammer, deny-forward) apply only when a connection is first evaluated,
# not to flows that are already fasttracked - confirm this is intended.
add action=fasttrack-connection chain=forward connection-state=established,related
# Rules written without action= use the default action, accept.
# TCP/1723 together with GRE is PPTP; both are accepted from any source on any interface.
# NOTE(review): PPTP authentication is generally considered weak; verify it is still required.
add chain=input comment=VPN dst-port=1723 protocol=tcp
add chain=input comment="for VPN" protocol=gre
add chain=input comment="Permit related connections" connection-state=related
add chain=input comment="Permit icmp" protocol=icmp
add chain=input comment="Permit established connections" connection-state=established
# The next two rules are disabled (disabled=yes).
add chain=input comment=IPTV disabled=yes in-interface=ether2-WAN protocol=igmp src-address=0.0.0.0
add chain=input disabled=yes dst-port=5004 in-interface=ether2-WAN protocol=udp
# Blocks DNS queries to the router from the WAN side (TCP and UDP).
add action=drop chain=input dst-port=53 in-interface=ether2-WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether2-WAN protocol=udp
add action=drop chain=input comment="Deny invalid connections" connection-state=invalid
# Drops sources already on the "port scanners" list; the rules below populate that list for 2w.
# NOTE(review): entries are keyed on the source address of individual packets, which can be
# forged, so unrelated addresses may end up listed for the full timeout.
add action=drop chain=input comment="port scanners" src-address-list="port scanners"
# psd = port-scan detection (weight threshold, delay threshold, low-port weight, high-port weight).
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp psd=21,3s,3,1
# The following rules list sources that send TCP flag combinations not seen in normal traffic:
# FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG, all flags set, and no flags set.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# SSH (ports 22 and 1122): each new connection moves the source one stage up
# (stage1 -> stage2 -> stage3 -> ssh_blacklist); stages expire after 1m, the blacklist after 1w3d.
# Only blacklisted sources are dropped; everyone else still reaches the port.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22,1122 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp
# Same staged scheme for telnet (port 23).
# NOTE(review): telnet is unencrypted; if it is not needed, disabling the service is safer than
# rate-limiting it.
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp
# Forwarded SMTP (TCP/25): sources on the "spammer" list are dropped; the second rule adds a
# source to that list for 1d based on its connection-limit and limit matchers.
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,32 dst-port=25 \
    limit=50,5:packet protocol=tcp
add action=drop chain=forward connection-state=invalid
# These BOGON drops come after the accept rules above, so traffic already accepted there
# (ICMP, TCP/1723, GRE, established/related) is never checked against the BOGON list.
add action=drop chain=input in-interface=ether2-WAN src-address-list=BOGON
add action=drop chain=input in-interface=ether3-Tritel src-address-list=BOGON
add action=drop chain=forward comment="List for drop clients" src-address-list=deny-forward
# NOTE(review): no catch-all drop for chain=input or chain=forward appears in this listing.
# Without one, the accept rules above change nothing and any router service that is not
# explicitly dropped stays reachable from the WAN unless it is disabled elsewhere (not shown).
Вставить ник Quote
interminable Posted June 6, 2016 Author Posted June 6, 2016 Т.е. я не могу в локальной сети подключиться к устройству, используя внешний адрес?
192.168.1.1 - 198.88.56.32 НЕТ
192.168.1.1 - 192.168.1.2 ДА
Вставить ник Quote
DobroFenix Posted August 29, 2016 Posted August 29, 2016 (edited) Вам сюда (но результат может быть непредсказуем): http://wiki.mikrotik.com/wiki/Hairpin_NAT На русском: http://spw.ru/solutions/natpart5/ Edited August 29, 2016 by DobroFenix Вставить ник Quote