Перенаправить трафик из внутренней сети к наружному адресу

Обсуждение ОС и пр.
borka75

17 ноя 2017, 10:54

Проблема следующего характера: есть сервер, на нём крутится программа HANSA (192.168.2.108). На клиентских машинах в качестве адреса сервера указан внешний адрес (1.1.1.1), порты 22 и 7052. Когда клиент обращается к серверу, сервер говорит, что порт 7052 не отвечает. На этом же сервере крутится сайт — из внутренней сети он недоступен. Где ошибка?


# Address list "Access": three source addresses. Within this export the list
# is referenced only by the input-chain rule that accepts TCP 8291.
# NOTE(review): 81.198.71.219 is also the dst-address of the dst-nat rules in
# the NAT section, so it appears to be the router's own public address rather
# than a remote administrator's address - confirm it belongs in this list.
/ip firewall address-list
add address=81.198.71.219 list=Access
add address=80.233.239.122 list=Access
add address=213.226.141.221 list=Access
# Filter table as exported. Only three rules are enabled, all of them accepts
# on the input chain (TCP 1723, GRE, TCP 8291 from list "Access"). Every other
# rule carries disabled=yes and therefore has no effect.
# NOTE(review): no enabled drop or reject rule is visible for input or
# forward. RouterOS accepts a packet that matches no rule, so the
# src-address-list restriction on 8291 does not by itself keep other sources
# out, and the forward chain passes every dst-nat'ed port from any source.
# Confirm whether a final drop rule exists outside this export; if not, the
# router's management services are reachable from the WAN side.
/ip firewall filter
# Disabled: block LAN (192.168.2.0/24) access to one destination network.
add action=drop chain=forward disabled=yes dst-address=213.21.213.0/24 \
src-address=192.168.2.0/24
# Disabled: blanket accepts on input (by connection state, and from the LAN).
add action=accept chain=input connection-state=established,new disabled=yes
add action=accept chain=input disabled=yes src-address=192.168.2.0/24
# Enabled: TCP 1723 plus GRE from any source - presumably for a PPTP server on
# the router itself (the service-port section sets pptp ports=1723).
# NOTE(review): PPTP authentication is widely regarded as weak; prefer a
# stronger VPN if remote access is actually in use.
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
# Enabled: TCP 8291 (the default Winbox management port) from list "Access".
add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=\
Access
# Disabled: blanket accepts on forward (from the LAN) and on output.
add action=accept chain=forward disabled=yes src-address=192.168.2.0/24
add action=accept chain=output disabled=yes
# Disabled: per-destination blocks for LAN clients (single hosts and /24s).
add action=drop chain=forward disabled=yes dst-address=62.85.117.20 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=89.111.9.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=91.203.70.86 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=213.175.75.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=74.125.210.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=93.158.110.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=69.171.242.13 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=217.16.18.106 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=194.186.121.42 \
src-address=192.168.2.0/24
# Disabled: match the literal string "vk.com" in TCP payload from the LAN and
# answer with a TCP reset.
add action=reject chain=forward comment=Vkontakte.ru content=vk.com disabled=\
yes protocol=tcp reject-with=tcp-reset src-address=192.168.2.0/24
# Disabled: further per-destination blocks for LAN clients.
add action=drop chain=forward disabled=yes dst-address=194.186.121.35 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=91.199.86.4 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=91.90.239.30 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=89.111.3.217 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=178.16.16.9 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=173.194.48.18 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=74.125.226.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=173.194.48.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=206.132.73.0/24 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=208.117.226.0/24 \
src-address=192.168.2.0/24
# Disabled: same payload-string technique for "facebook.com".
add action=reject chain=forward comment=Facebook content=facebook.com \
disabled=yes protocol=tcp reject-with=tcp-reset src-address=\
192.168.2.0/24
# Disabled: two more single-host blocks for LAN clients.
add action=drop chain=forward disabled=yes dst-address=93.186.224.240 \
src-address=192.168.2.0/24
add action=drop chain=forward disabled=yes dst-address=93.186.224.247 \
src-address=192.168.2.0/24
# NAT table as exported. Rules in a chain are evaluated top to bottom and the
# first matching NAT action applies, so rule order matters throughout.
/ip firewall nat
# Source NAT for traffic leaving through ether5 (presumably the WAN port).
# NOTE(review): masquerade takes its address from the outgoing interface, so
# to-addresses=0.0.0.0 most likely has no effect - confirm.
add action=masquerade chain=srcnat out-interface=ether5 to-addresses=0.0.0.0
# RDP (TCP 3389) to 192.168.2.7, each rule limited to one source address.
# Neither rule sets dst-address or in-interface.
add action=dst-nat chain=dstnat comment=Bitcom dst-port=3389 protocol=tcp \
src-address=80.233.239.122 to-addresses=192.168.2.7 to-ports=3389
add action=dst-nat chain=dstnat comment="Boris HOME" dst-port=3389 protocol=\
tcp src-address=213.226.141.221 to-addresses=192.168.2.7 to-ports=3389
# Disabled: SMTP (TCP 25) to 192.168.2.108.
add action=dst-nat chain=dstnat comment="Ilmars SMTP" disabled=yes \
dst-address=81.198.71.219 dst-port=25 log=yes protocol=tcp to-addresses=\
192.168.2.108 to-ports=25
# TCP 7050-7057 on the public address to 192.168.2.108, any source, logged.
# No to-ports is given, so the destination port is not rewritten.
add action=dst-nat chain=dstnat dst-address=81.198.71.219 dst-port=7050-7057 \
log=yes protocol=tcp to-addresses=192.168.2.108
# SSH (TCP 22) on the public address to 192.168.2.108 from ANY source.
# NOTE(review): this exposes SSH on the server to the whole Internet and makes
# the source-restricted SSH rules at the end of this section redundant. If SSH
# is meant only for those named sources, restrict or remove this rule.
add action=dst-nat chain=dstnat dst-address=81.198.71.219 dst-port=22 \
protocol=tcp to-addresses=192.168.2.108 to-ports=22
# Hairpin destination NAT for LAN clients that use the public address.
# NOTE(review): the two dst-nat rules just above have no src-address, so they
# already match LAN-sourced packets for these ports; this netmap rule appears
# never to be reached.
add action=netmap chain=dstnat dst-address=81.198.71.219 dst-port=\
7050-7057,22 log=yes protocol=tcp src-address=192.168.2.0/24 \
to-addresses=192.168.2.108
# Disabled: SSH-only variant of the hairpin destination NAT.
add action=netmap chain=dstnat disabled=yes dst-address=81.198.71.219 \
dst-port=22 protocol=tcp src-address=192.168.2.0/24 to-addresses=\
192.168.2.108 to-ports=22
# Hairpin source NAT: LAN -> 192.168.2.108 on 7050-7057 and 22 is masqueraded
# so that the server's replies return through the router.
# NOTE(review): on a srcnat rule to-ports rewrites the SOURCE port, so
# to-ports=22 would force every hairpinned connection to source port 22, which
# looks unintended and may make concurrent connections collide; to-addresses
# is most likely ignored by masquerade. Confirm, and drop both properties.
# NOTE(review): the port list omits 80, 1081, 1301 and 499. LAN clients using
# the public address on those ports are dst-nat'ed but not src-nat'ed, so the
# server would answer them directly from 192.168.2.108 and the client would
# discard the reply - consistent with the web site being unreachable from the
# internal network as the post describes.
add action=masquerade chain=srcnat dst-address=192.168.2.108 dst-port=\
7050-7057,22 protocol=tcp src-address=192.168.2.0/24 to-addresses=\
192.168.2.108 to-ports=22
# Disabled: SSH-only variant of the hairpin source NAT.
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.2.108 \
dst-port=22 protocol=tcp src-address=192.168.2.0/24 to-addresses=\
192.168.2.108 to-ports=22
# HTTP (TCP 80) on the public address to 192.168.2.108, any source.
# NOTE(review): log-prefix=web is set without log=yes, so the prefix
# presumably has no effect - confirm.
add action=dst-nat chain=dstnat comment=HansaWorld dst-address=81.198.71.219 \
dst-port=80 log-prefix=web protocol=tcp to-addresses=192.168.2.108 \
to-ports=80
# TCP 1081, 1301 and 499 on the public address to 192.168.2.108, any source,
# logged.
add action=dst-nat chain=dstnat dst-address=81.198.71.219 dst-port=1081 log=\
yes protocol=tcp to-addresses=192.168.2.108 to-ports=1081
add action=dst-nat chain=dstnat dst-address=81.198.71.219 dst-port=1301 log=\
yes protocol=tcp to-addresses=192.168.2.108 to-ports=1301
add action=dst-nat chain=dstnat dst-address=81.198.71.219 dst-port=499 log=\
yes protocol=tcp to-addresses=192.168.2.108 to-ports=499
# SSH to 192.168.2.108 limited to single source addresses, logged. These rules
# set no dst-address; for traffic addressed to 81.198.71.219 the unrestricted
# SSH rule earlier in this section matches first.
add action=dst-nat chain=dstnat comment="SSH from icloud to Grif Hansa" \
dst-port=22 log=yes protocol=tcp src-address=94.237.28.229 to-addresses=\
192.168.2.108 to-ports=22
add action=dst-nat chain=dstnat comment=Vitocom dst-port=22 log=yes protocol=\
tcp src-address=80.232.240.31 to-addresses=192.168.2.108 to-ports=22
# Connection-tracking helpers (service ports). All helpers listed here are
# disabled except pptp, which is set to port 1723 - the same port the filter
# table accepts on the input chain.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp ports=1723
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes


vkrum

20 ноя 2017, 02:59

если правильно понял, то была такая тема
viewtopic.php?f=3&t=4070

