
Из LAN на адрес WAN

Помогите настроить как из локальной сети подключаться на адрес интернета?

Т.е., находясь дома, иметь возможность подключиться, допустим, к камерам наблюдения не по локальному адресу камеры, а по интернет-адресу маршрутизатора? Пока получается только удалённо по интернет-адресу или локально по локальному.

 

# NAT rules. dstnat rewrites the destination, srcnat rewrites the source;
# rules in a chain are evaluated top to bottom and the first match wins.
/ip firewall nat

# Port-forward: TCP/80 addressed to 193.13.13.14 is mapped to 10.10.10.11:80.
# in-interface=ether2-WAN limits this rule to packets arriving on the WAN port,
# so a LAN client connecting to 193.13.13.14 never matches it - presumably why
# the public address does not work from inside the LAN.
# NOTE(review): there is no src-address matcher, so the device's plain-HTTP
# port is reachable from any address on the WAN side.
add action=netmap chain=dstnat dst-address=193.13.13.14 dst-port=80 in-interface=ether2-WAN \

log-prefix=TPLINK protocol=tcp to-addresses=10.10.10.11 to-ports=80

# Source-NAT for every TCP/80 connection towards 10.10.10.11: the source is
# rewritten to 10.10.10.10. With no interface or src-address matcher this also
# covers connections forwarded from WAN by the rule above, so the device at
# 10.10.10.11 sees one peer address for all clients and its own access log
# cannot tell them apart.
# NOTE(review): 10.10.10.10 is presumably the router's LAN address - confirm.
add action=src-nat chain=srcnat dst-address=10.10.10.11 dst-port=80 log-prefix=TPLINK protocol=tcp \

to-addresses=10.10.10.10

# Redirects UDP/53 arriving on ether5-LAN to the router itself, whichever DNS
# server the client addressed. TCP/53 is not covered by this rule.
add action=redirect chain=dstnat comment="DNS default" dst-port=53 in-interface=ether5-LAN protocol=udp

# Masquerade for traffic leaving through the WAN interface.
add action=masquerade chain=srcnat out-interface=ether2-WAN

# Masquerades everything leaving through ether5-LAN, with no src/dst matcher:
# any connection routed into the LAN arrives with the router's address as source.
# NOTE(review): this hides the real peer address from every LAN host; a hairpin
# rule is normally scoped, e.g. src-address=<LAN subnet> dst-address=<server>.
add action=masquerade chain=srcnat out-interface=ether5-LAN

# Disabled (disabled=yes): has no effect while it stays disabled.
add action=masquerade chain=srcnat comment="Routes LAN" disabled=yes dst-address=192.168.0.0/23 \

out-interface=ether5-LAN src-address=10.10.10.0/25

 

 

 

 

# Filter rules. A rule without action= uses the RouterOS default, accept.
# NOTE(review): neither chain in this listing ends with a catch-all drop, so a
# packet that matches no drop rule is accepted. On chain=input that includes
# connections from WAN to any service the router runs, unless they are
# restricted elsewhere (not shown here).
/ip firewall filter

# Fasttrack established/related forwarded connections.
# NOTE(review): fasttracked packets skip most later filter processing, so the
# forward-chain drops below act mainly on new connections - confirm that this
# is acceptable for the deny-forward and spammer lists.
add action=fasttrack-connection chain=forward connection-state=established,related

# Accept PPTP control (TCP/1723) and GRE to the router from any interface and
# any source address.
# NOTE(review): PPTP is a legacy VPN with weak authentication and encryption;
# consider limiting src-address or moving to a current VPN protocol.
add chain=input comment=VPN dst-port=1723 protocol=tcp

add chain=input comment="for VPN" protocol=gre

add chain=input comment="Permit related connections" connection-state=related

# All ICMP to the router is accepted, from any interface.
add chain=input comment="Permit icmp" protocol=icmp

add chain=input comment="Permit established connections" connection-state=established

# The next two rules are disabled (disabled=yes) and have no effect.
add chain=input comment=IPTV disabled=yes in-interface=ether2-WAN protocol=igmp src-address=0.0.0.0

add chain=input disabled=yes dst-port=5004 in-interface=ether2-WAN protocol=udp

# Drop DNS queries (TCP and UDP port 53) arriving on WAN, so the router does
# not answer as a resolver on its public side.
add action=drop chain=input dst-port=53 in-interface=ether2-WAN protocol=tcp

add action=drop chain=input dst-port=53 in-interface=ether2-WAN protocol=udp

add action=drop chain=input comment="Deny invalid connections" connection-state=invalid

# Drop sources that are already on the "port scanners" list.
add action=drop chain=input comment="port scanners" src-address-list="port scanners"

# Detection rules: each adds the source address to "port scanners" for 2 weeks
# (psd port-scan detection first, then TCP flag combinations not expected in
# normal traffic). They only add to the list; the packet that triggers them
# continues down the chain, and the drop above takes effect from the next one.
# NOTE(review): there is no in-interface matcher, so LAN hosts can be listed
# and lose access to the router as well.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp psd=21,3s,3,1

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=syn,rst

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

# Staged limiter for new TCP connections to ports 22 and 1122. A source moves
# ssh_stage1 -> ssh_stage2 -> ssh_stage3 -> ssh_blacklist, one step per new
# connection while the previous stage entry (1m timeout) is still present;
# blacklist entries last 1w3d. The rules are listed from the highest stage
# down so that a single connection advances only one stage.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22,1122 protocol=tcp src-address-list=ssh_blacklist

add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage3

add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage2

add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage1

add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp

# Same staged limiter for telnet (TCP/23).
# NOTE(review): telnet sends credentials in clear text; if the service is not
# needed, disabling it is safer than rate-limiting it.
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist

add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3

add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2

add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1

add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp

# Forwarded SMTP (TCP/25): drop sources already on the spammer list.
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer

# Adds a source to the spammer list for 1 day when the connection-limit and
# limit matchers on this rule match.
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,32 dst-port=25 \

limit=50,5:packet protocol=tcp

add action=drop chain=forward connection-state=invalid

# Drop input from BOGON-listed sources on ether2-WAN and ether3-Tritel.
# NOTE(review): these rules sit after the accept rules above (VPN, ICMP,
# established/related), so traffic accepted there never reaches them. The
# contents of the BOGON list are not shown in this listing.
add action=drop chain=input in-interface=ether2-WAN src-address-list=BOGON

add action=drop chain=input in-interface=ether3-Tritel src-address-list=BOGON

# Drop forwarded traffic from sources on the deny-forward list.
add action=drop chain=forward comment="List for drop clients" src-address-list=deny-forward


Т.е. я не могу в локальной сети подключиться к устройству используя внешний адрес?

 

192.168.1.1 - 198.88.56.32 НЕТ

192.168.1.1 - 192.168.1.2 ДА


Вам сюда

Но результат может быть непредсказуем

http://wiki.mikrotik.com/wiki/Hairpin_NAT

 

На русском: http://spw.ru/solutions/natpart5/

Edited by DobroFenix

