Помогите разобраться, почему не отрабатывает проброс портов?!
Порты 80 и 443 отрабатывают запрос. а порты 55899 и 44899 только увеличиваются счетчики и больше ничего
P.S:
AKADO - WAN (провайдер)
2.2.2.0/24 - LAN
3.3.3.0/29 - L2TP VPN
1) Правила фильтра:
Код: Выделить всё
# dec/05/2018 12:29:39 by RouterOS 6.43.7
# software id = RALS-T2Z8
#
# model = 951Ui-2HnD
# serial number =********
/ip firewall filter
add action=accept chain=input comment="Accept input icmp" in-interface=AKADO protocol=icmp
add action=accept chain=forward in-interface=AKADO protocol=icmp
add action=accept chain=input comment="Accept established & related connection" connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward comment="Accept services ports" connection-state=established,related,new dst-port=80,443,55899,44899 in-interface=AKADO protocol=tcp
add action=accept chain=input comment="Accept L2TP" dst-port=1701,500,4500 in-interface=AKADO protocol=udp
add action=accept chain=input in-interface=AKADO protocol=ipsec-esp
add action=accept chain=forward comment="Forward L2TP -> LAN" dst-address=2.2.2.0/24 src-address=3.3.3.0/29
add action=accept chain=input comment="Accept connections for LAN to WAN" in-interface=!AKADO src-address=2.2.2.0/24
add action=drop chain=input comment="Drop all input DNS" dst-port=53 in-interface=AKADO protocol=udp
add action=drop chain=input dst-port=53 in-interface=AKADO protocol=tcp
add action=drop chain=input comment="Drop all invalid connections" connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=drop chain=input in-interface=AKADO
add action=accept chain=forward comment="Accept forward from LAN to WAN" in-interface=!AKADO out-interface=AKADO
add action=drop chain=forward comment="Block Bogon IP Address" src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=input comment="Block hole Windows" dst-port=135,137-139,445,593,4444 protocol=tcp
add action=drop chain=forward dst-port=135,137-139,445,593,4444 protocol=tcp
add action=drop chain=input dst-port=135,137-139 protocol=udp
add action=drop chain=forward dst-port=135,137-139 protocol=udp
add action=drop chain=input comment="Drop WINBOX brute forcers" dst-port=3333protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=winbox_blacklist address-list-timeout=3d chain=input connection-state=new dst-port=3333in-interface=AKADO protocol=tcp src-address-list=ssh_stage3
add action=drop chain=input comment="Drop SSH brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=3d chain=input connection-state=new dst-port=22 in-interface=AKADO protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="Port scanners to list" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address-list=port_scanners
add action=drop chain=forward src-address-list=port_scanners
add action=drop chain=forward comment="Drop all other connections"
Код: Выделить всё
# dec/05/2018 12:32:36 by RouterOS 6.43.7
# software id = RALS-T2Z8
#
# model = 951Ui-2HnD
# serial number = *********
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT for HTTPS port on web" dst-port=443 in-interface=AKADO protocol=tcp to-addresses=2.2.2.6 to-ports=443
add action=dst-nat chain=dstnat comment="DST-NAT for HTTP port on web" dst-port=80 in-interface=AKADO protocol=tcp to-addresses=2.2.2.6 to-ports=80
add action=netmap chain=dstnat comment="DST-NAT for SSH port on web" dst-port=55899 in-interface=AKADO log=yes log-prefix="web ssh connect" protocol=tcp to-addresses=2.2.2.6 to-ports=22
add action=dst-nat chain=dstnat comment="DST-NAT for transmission port on media" dst-port=44899 in-interface=AKADO protocol=tcp to-addresses=2.2.2.8 to-ports=9091
add action=masquerade chain=srcnat comment="LAN masquerade" out-interface-list=WAN