Рабочий конфиг
#
/ip firewall filter
add chain=input src-address=77.108.128.0/24
add chain=input connection-state=related
add chain=input in-interface=ether1-gateway
add chain=forward dst-port=55963 log=yes protocol=udp
add chain=forward dst-port=10000-20000 log=yes protocol=udp
add chain=input connection-state=established
add chain=input protocol=icmp
add chain=input src-address=77.108.150.226
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add action=drop chain=input in-interface=ether1-gateway
add action=drop chain=input in-interface=pppoe-out1
add chain=forward connection-state=established
add chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether1-gateway \
protocol=udp to-addresses=192.168.88.100 to-ports=5060
add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.100 to-ports=\
10000-20000
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip firewall service-port
set sip disabled=yes
Комментариев нет:
Отправить комментарий