Прошу о помощи! На входе (в подъезде) есть Акадовский humax hg100re-ak (192.168.0.1) со статикой, от него кабелек идет до CRS125-24G-1S-2HnD (192.168.88.1).
В Микротик уже воткнуты все сетевые устройства, включая сервер (192.168.88.2), к которому дюже нужно открыть доступ извне по 3389 RDP порту.
Что я пробовал сделать на входящем роутере:
1. проброс порта tcp-3389 на 192.168.88.1 (Микротик), на Микротике с правилом NAT - dstnat - опишу ниже.
2. проброс порта tcp-3389 на 192.168.88.2 (Сервер), на Микротике без правила NAT
Что я делал на Микротике :
1. Стандартную настройку по инструкции (https://help.powernet.com.ru/MikroTik_Settings.pdf)
2. Проброс порта 3389 с интерфейса WAN на сервер (192.168.88.2)
add action=dst-nat chain=dstnat dst-port=3389 in-interface=WAN24 protocol=tcp to-addresses=192.168.88.2 to-ports=3389
Все эти телодвижения ни к чему не приводят :(
# sep/05/2019 15:19:46 by RouterOS 6.45.5
# software id = W5BP-B8B5
#
# model = CRS125-24G-1S-2HnD
# serial number = 944B07838D95
# NOTE(review): the software id and serial number above and the admin-mac below are
# device identifiers; like the ssid, they are normally masked before an export is posted publicly.

# LAN bridge; its member ports are attached under "/interface bridge port".
/interface bridge
add admin-mac=64:D1:54:FB:31:1A auto-mac=no name=Bridge-LOCAL
# 2.4 GHz access point on wlan1 (mode=ap-bridge); wlan1 is bridged into Bridge-LOCAL below.
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n channel-width=20/40mhz-Ce country=russia disabled=no distance=indoors frequency-mode=regulatory-domain \
guard-interval=long hw-protection-mode=rts-cts keepalive-frames=disabled mode=ap-bridge multicast-helper=full ssid=***** wireless-protocol=802.11 wmm-support=enabled
# Port renames and speed settings. ether24 becomes WAN24, the uplink that the DHCP client,
# NAT rules, UPnP and IGMP proxy sections refer to.
/interface ethernet
set [ find default-name=ether1 ] name=LAN1-MASTER speed=100Mbps
set [ find default-name=ether2 ] name=LAN2-SLAVE speed=100Mbps
set [ find default-name=ether3 ] name=LAN3-SLAVE speed=100Mbps
set [ find default-name=ether4 ] name=LAN4-SLAVE speed=100Mbps
set [ find default-name=ether6 ] name=LAN6-SLAVE speed=100Mbps
set [ find default-name=ether7 ] name=LAN7-SLAVE speed=100Mbps
set [ find default-name=ether8 ] name=LAN8-SLAVE speed=100Mbps
set [ find default-name=ether9 ] name=LAN9-SLAVE speed=100Mbps
set [ find default-name=ether10 ] name=LAN10-SLAVE speed=100Mbps
set [ find default-name=ether11 ] name=LAN11-SLAVE speed=100Mbps
set [ find default-name=ether12 ] name=LAN12-SLAVE speed=100Mbps
set [ find default-name=ether24 ] name=WAN24 speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether13 ] speed=100Mbps
set [ find default-name=ether14 ] speed=100Mbps
set [ find default-name=ether15 ] speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] speed=100Mbps
set [ find default-name=ether18 ] speed=100Mbps
set [ find default-name=ether19 ] speed=100Mbps
set [ find default-name=ether20 ] speed=100Mbps
set [ find default-name=ether21 ] speed=100Mbps
set [ find default-name=ether22 ] speed=100Mbps
set [ find default-name=ether23 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# Default wireless security profile: WPA2-PSK only. No pre-shared key appears in this export.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik
# DHCP pool for the LAN.
# NOTE(review): the range starts at 192.168.88.2, the same address the dst-nat rule below
# forwards RDP to, and no static lease is visible in this export. If the server is configured
# statically, DHCP could hand .2 to another host; if it is a DHCP client, its address can change
# and the forward would then point at whichever host holds .2. Confirm and pin the address.
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=Bridge-LOCAL name=dhcp1
# Bridge members: LAN1-4, LAN6-12 and wlan1. ether5, ether13-23, sfp1 and WAN24 are not bridged.
/interface bridge port
add bridge=Bridge-LOCAL interface=LAN1-MASTER
add bridge=Bridge-LOCAL interface=wlan1
add bridge=Bridge-LOCAL interface=LAN2-SLAVE
add bridge=Bridge-LOCAL interface=LAN3-SLAVE
add bridge=Bridge-LOCAL interface=LAN4-SLAVE
add bridge=Bridge-LOCAL interface=LAN6-SLAVE
add bridge=Bridge-LOCAL interface=LAN7-SLAVE
add bridge=Bridge-LOCAL interface=LAN8-SLAVE
add bridge=Bridge-LOCAL interface=LAN9-SLAVE
add bridge=Bridge-LOCAL interface=LAN10-SLAVE
add bridge=Bridge-LOCAL interface=LAN11-SLAVE
add bridge=Bridge-LOCAL interface=LAN12-SLAVE
# The only static address: the router's LAN-side address on the bridge.
/ip address
add address=192.168.88.1/24 interface=Bridge-LOCAL network=192.168.88.0
# WAN24 takes its address from the upstream device by DHCP, so the WAN-side address is not
# part of this export.
# NOTE(review): 192.168.88.1 and 192.168.88.2 exist only behind this router. A port forward on
# the upstream router presumably has to target the address WAN24 holds (see "/ip address print"),
# otherwise packets never arrive on WAN24 and the dst-nat rule below is never hit. Confirm.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=WAN24
add dhcp-options=hostname,clientid interface=sfp1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
# The router acts as a DNS resolver for remote clients (allow-remote-requests=yes); the first
# upstream server is the LAN host 192.168.88.2.
# NOTE(review): the input chain below has no drop rule, so DNS queries arriving on WAN24 are
# answered too. Drop tcp/udp 53 on input from WAN24 so the resolver is reachable from the LAN only.
/ip dns
set allow-remote-requests=yes servers=192.168.88.2,217.10.36.5,217.10.44.35,217.10.39.4
# Filter table: every rule here is an accept, two of the three are disabled, and there is no drop
# rule. A packet that matches no rule is accepted, so input and forward are effectively unfiltered.
# The disabled "Rule for RDP port" is therefore not what blocks the forward; nothing here blocks it.
# NOTE(review): a baseline normally accepts established/related, drops invalid, accepts the needed
# services from Bridge-LOCAL and drops everything else arriving on WAN24 (input and forward,
# with an explicit exception for dst-nat'ed traffic).
/ip firewall filter
add action=accept chain=input connection-state=established,related disabled=yes in-interface=Bridge-LOCAL
add action=accept chain=forward comment="Rule for RDP port" disabled=yes dst-address=192.168.88.2 dst-port=3389 in-interface=WAN24 protocol=tcp
add action=accept chain=input protocol=igmp
# NAT table.
#  1. masquerade: source-NAT for everything leaving through WAN24.
#  2. dst-nat: TCP/3389 arriving on WAN24 (any destination address, any source) -> 192.168.88.2:3389.
#  3. src-nat (disabled): would rewrite the source of TCP/3389 traffic to the server to 192.168.88.1,
#     so the server would see every RDP client as the router; keep disabled if per-client source
#     addresses are wanted in the server's logon logs.
#  4. dst-nat (disabled): telnet (TCP/23) forward to 192.168.88.2; telnet is cleartext.
# NOTE(review): rule 2 has no src-address / src-address-list restriction, so once upstream
# forwarding works RDP is reachable from any source. Restrict the allowed sources or reach the
# server through a VPN, and make sure NLA and account lockout are enabled on the server.
/ip firewall nat
add action=masquerade chain=srcnat comment="LAN TO WAN" out-interface=WAN24
add action=dst-nat chain=dstnat dst-port=3389 in-interface=WAN24 protocol=tcp to-addresses=192.168.88.2 to-ports=3389
add action=src-nat chain=srcnat comment="Open port for RDP" disabled=yes dst-address=192.168.88.2 dst-port=3389 protocol=tcp to-addresses=192.168.88.1
add action=dst-nat chain=dstnat disabled=yes dst-port=23 in-interface=WAN24 protocol=tcp to-addresses=192.168.88.2 to-ports=23
# Management services: "address" limits the source addresses each service accepts.
# telnet, ftp, www, ssh, api and api-ssl are limited to the LAN subnet; winbox and www-ssl are
# limited to the single host 5.134.223.6/32. None of the services is shown as disabled here.
# NOTE(review): telnet, ftp, www and api carry credentials in cleartext; disable the ones that are
# not used instead of only restricting them. With winbox limited to 5.134.223.6/32, confirm that
# LAN-side management over ssh or www still works before relying on it.
/ip service
set telnet address=192.168.88.0/24
set ftp address=192.168.88.0/24
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24
set www-ssl address=5.134.223.6/32 disabled=no
set api address=192.168.88.0/24
set winbox address=5.134.223.6/32
set api-ssl address=192.168.88.0/24
# UPnP is on, with Bridge-LOCAL internal and WAN24 external.
# NOTE(review): any LAN host (including wireless clients) can ask the router to create port
# mappings on WAN24 without authentication; disable UPnP unless a specific application needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=Bridge-LOCAL type=internal
add interface=WAN24 type=external
# IGMP proxy: WAN24 is the upstream interface (any source subnet accepted via
# alternative-subnets=0.0.0.0/0), Bridge-LOCAL is downstream. Presumably for the provider's IPTV
# multicast; confirm. The "accept input protocol=igmp" filter rule above belongs to this setup.
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=WAN24 upstream=yes
add interface=Bridge-LOCAL
/system clock
set time-zone-name=Asia/Krasnoyarsk
/system ntp client
set enabled=yes primary-ntp=88.147.254.230 secondary-ntp=88.147.254.232
# NOTE(review): the update channel is "development", i.e. pre-release builds. For a router that
# will publish services to the outside, the stable or long-term channel is the safer choice.
/system package update
set channel=development