interminable Posted May 4, 2016

Помогите настроить как из локальной сети подключаться на адрес интернета? Т.е. находясь дома иметь возможность подключиться допустим к камерам наблюдения не на локальный адрес камеры, а на интернет адрес маршрутизатора? Пока получается только удаленно на интернет адрес или локально на локальный.

# ---------------------------------------------------------------------------
# NAT table
# ---------------------------------------------------------------------------
/ip firewall nat
# Port forward: TCP/80 addressed to 193.13.13.14 is rewritten to 10.10.10.11:80.
# The in-interface=ether2-WAN matcher limits this to packets that arrive on the
# WAN port, so a LAN client connecting to 193.13.13.14 never matches it. That is
# the behaviour described in the post (works remotely, not from inside).
# NOTE(review): hairpin NAT would need a dstnat rule that also matches packets
# coming from the LAN side (presumably ether5-LAN; confirm).
# NOTE(review): there is no src-address / src-address-list matcher, so the
# forwarded web interface is reachable from any Internet host over plain HTTP.
# Consider an allow-list or reaching the device only through the VPN.
# NOTE(review): log-prefix is set but no log=yes is shown, so presumably nothing
# is logged for this rule.
add action=netmap chain=dstnat dst-address=193.13.13.14 dst-port=80 in-interface=ether2-WAN \
    log-prefix=TPLINK protocol=tcp to-addresses=10.10.10.11 to-ports=80
# Rewrites the source of every TCP/80 connection towards 10.10.10.11 to
# 10.10.10.10. There is no src-address matcher, so connections forwarded from
# the WAN are rewritten as well: the device at 10.10.10.11 sees every client as
# 10.10.10.10 and its own access log loses the real remote address.
# NOTE(review): for hairpin purposes this is normally limited to the LAN source
# subnet (10.10.10.0/25 appears in a rule below; confirm that it is the LAN).
add action=src-nat chain=srcnat dst-address=10.10.10.11 dst-port=80 log-prefix=TPLINK protocol=tcp \
    to-addresses=10.10.10.10
# Redirects UDP/53 arriving on ether5-LAN to the router itself, whatever DNS
# server the client addressed. TCP/53 is not redirected.
add action=redirect chain=dstnat comment="DNS default" dst-port=53 in-interface=ether5-LAN protocol=udp
# Source NAT for traffic leaving through the WAN port.
add action=masquerade chain=srcnat out-interface=ether2-WAN
# Masquerades everything that leaves through ether5-LAN, including connections
# forwarded in from the WAN. Same caveat as the src-nat rule above: LAN hosts
# cannot tell remote clients apart by address.
add action=masquerade chain=srcnat out-interface=ether5-LAN
# Disabled (disabled=yes); has no effect while it stays disabled.
add action=masquerade chain=srcnat comment="Routes LAN" disabled=yes dst-address=192.168.0.0/23 \
    out-interface=ether5-LAN src-address=10.10.10.0/25

# ---------------------------------------------------------------------------
# Filter table
# Rules are evaluated top to bottom per chain. Rules written without action=
# use the RouterOS default, action=accept.
# NOTE(review): no catch-all drop rule is shown for either chain=input or
# chain=forward, so anything not matched by a drop rule below is accepted.
# Unless the paste is partial or services are restricted elsewhere, the router's
# own services are reachable from the WAN side.
# ---------------------------------------------------------------------------
/ip firewall filter
# FastTrack for established/related forwarded connections. FastTracked packets
# skip the remaining filter rules, so the list-based forward drops further down
# only affect packets that are not fasttracked (mainly new connections).
add action=fasttrack-connection chain=forward connection-state=established,related
# TCP/1723 plus GRE is the PPTP port/protocol pair. Both are accepted from any
# interface and any source.
# NOTE(review): PPTP's MS-CHAPv2 authentication is considered broken; a stronger
# VPN protocol is preferable if the hardware allows it.
add chain=input comment=VPN dst-port=1723 protocol=tcp
add chain=input comment="for VPN" protocol=gre
add chain=input comment="Permit related connections" connection-state=related
add chain=input comment="Permit icmp" protocol=icmp
add chain=input comment="Permit established connections" connection-state=established
# Both IPTV rules are disabled.
add chain=input comment=IPTV disabled=yes in-interface=ether2-WAN protocol=igmp src-address=0.0.0.0
add chain=input disabled=yes dst-port=5004 in-interface=ether2-WAN protocol=udp
# Keep the router's DNS service from answering queries that arrive on the WAN port.
add action=drop chain=input dst-port=53 in-interface=ether2-WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether2-WAN protocol=udp
add action=drop chain=input comment="Deny invalid connections" connection-state=invalid
# Port-scan handling: sources already on the "port scanners" list are dropped;
# the rules after it only add a source to the list for two weeks (they do not
# drop the matching packet themselves).
# NOTE(review): none of these rules has an in-interface matcher, so LAN hosts
# can be listed too. The tcp-flags rules match on a single packet, so a forged
# source address can end up on the list; an allow-list for management addresses
# placed ahead of these rules avoids locking yourself out.
add action=drop chain=input comment="port scanners" src-address-list="port scanners"
# psd = port-scan detection: weight threshold 21, delay threshold 3s,
# low-port weight 3, high-port weight 1.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp psd=21,3s,3,1
# FIN set with no other flag.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
# SYN together with FIN.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn
# SYN together with RST.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=syn,rst
# FIN, PSH and URG set without SYN, RST or ACK.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
# All six flags set.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
# No flags set.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# SSH rate limiting on ports 22 and 1122. Each new connection moves the source
# one stage up (stage1 -> stage2 -> stage3, one minute each); a new connection
# from a stage3 source puts it on ssh_blacklist for 1w3d, and the first rule
# drops blacklisted sources. The rules are ordered highest stage first so that a
# single packet advances only one stage.
# NOTE(review): these rules throttle and list sources but never accept or
# restrict who may connect; access to the service itself still depends on the
# missing default drop noted above.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22,1122 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22,1122 protocol=tcp
# Same staged scheme for telnet on port 23.
# NOTE(review): telnet sends credentials in clear text; disabling the service is
# safer than rate limiting it.
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp
# Outbound SMTP control in the forward chain: sources on the "spammer" list are
# blocked from TCP/25; the next rule lists a source for one day when it matches
# connection-limit=30,32 together with limit=50,5:packet on port 25.
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,32 dst-port=25 \
    limit=50,5:packet protocol=tcp
add action=drop chain=forward connection-state=invalid
# Drop input from sources on the BOGON list on the two uplink interfaces.
# NOTE(review): the BOGON address list itself is not part of this paste, and
# these rules sit after the accept rules above (VPN, GRE, ICMP, established,
# related), so those packets are accepted before the BOGON check is reached.
add action=drop chain=input in-interface=ether2-WAN src-address-list=BOGON
add action=drop chain=input in-interface=ether3-Tritel src-address-list=BOGON
# Manual block list for forwarded traffic. Connections that are already
# fasttracked (first filter rule) are not re-checked against it.
add action=drop chain=forward comment="List for drop clients" src-address-list=deny-forward
interminable Posted June 6, 2016 Т.е. я не могу в локальной сети подключиться к устройству используя внешний адрес? 192.168.1.1 - 198.88.56.32 НЕТ 192.168.1.1 - 192.168.1.2 ДА
vex Posted June 10, 2016
interminable Posted August 29, 2016 НАДО!
DobroFenix Posted August 29, 2016 (edited) Вам сюда Но результат может быть непредсказуем http://wiki.mikrotik.com/wiki/Hairpin_NAT На русском: http://spw.ru/solutions/natpart5/ Edited August 29, 2016 by DobroFenix