How do I correctly set up port mapping on MikroTik with two WAN lines?

2022-07-18 11:52:48 +08:00
 makusuofute

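This is my configuration file. I'm looking for help configuring port mapping on the WAN ports; I set it up but it has no effect, and I'm still confused after reading the tutorials.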

[admin@MikroTik] > / export
# jul/18/2022 11:38:23 by RouterOS 6.49.6
# software id = F9KQ-H96D
# model = CCR1016-12G
# serial number = 7233068BA78A
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.44.2-192.168.44.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether11
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.44.1/24 interface=bridge1 network=192.168.44.0
add address=192.168.23.74/24 interface=ether1-WAN network=192.168.23.0
add address=10.120.120.90/24 interface=ether2-WAN2 network=10.120.120.0
/ip dhcp-server network
add address=192.168.44.0/24 dns-server=223.5.5.5 gateway=192.168.44.1
/ip dns
set servers=223.5.5.5
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=mail passthrough=no \
    src-address=192.168.44.200
/ip firewall nat
add action=masquerade chain=srcnat connection-limit=0,32 out-interface=!bridge1
add action=dst-nat chain=dstnat dst-port=9999 in-interface=ether2-WAN2 log=yes \
    protocol=tcp to-addresses=192.168.44.253 to-ports=23
add action=dst-nat chain=dstnat dst-port=9998 in-interface=ether1-WAN \
    protocol=tcp to-addresses=192.168.44.200 to-ports=80
add action=dst-nat chain=dstnat connection-limit=0,32 \
    dst-limit=0,5,dst-address/1m40s dst-port=9997 in-interface=ether1-WAN \
    limit=0,5:packet protocol=tcp to-addresses=192.168.44.200 to-ports=23
add action=dst-nat chain=dstnat dst-port=10000 in-interface=ether2-WAN2 \
    protocol=tcp to-addresses=192.168.44.253 to-ports=4430
/ip route
add check-gateway=ping distance=1 gateway=192.168.23.254 routing-mark=mail
add check-gateway=ping distance=1 gateway=10.120.120.1
/system clock

1257 clicks
Node: Routers
3 replies
neroxps
2022-07-18 17:18:42 +08:00
neroxps
2022-07-19 10:34:18 +08:00
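I think there is another option: under interface list, add the dial-up port to the WAN list, then set the in interface list match to WAN. Traffic that matches goes through dnat, which should also work.
That way NAT loopback doesn't need to know what the wan-ip is, and no script is needed to update the wan-ip list.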
neroxps
2022-07-19 11:00:56 +08:00
@neroxps #2 But loopback can't be written this way; it still needs address masquerading. So you still have to use a script to update the wan-ip address list.
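
The interface-list match from the second reply, together with the loopback rules the third reply says are still needed, as an added RouterOS example that is not part of the thread. Interface names, addresses and ports are taken from the export in the question; the list names WAN and wan-ip follow the replies, and the rule comments are assumptions. Because the WAN addresses in that export are static, the wan-ip list is entered by hand here instead of being updated by a script.

```routeros
# Added example, not from the thread.

# 1. Group both uplinks in one interface list.
/interface list
add name=WAN
/interface list member
add list=WAN interface=ether1-WAN
add list=WAN interface=ether2-WAN2

# 2. Forward TCP 9998 arriving on any WAN member to the internal web host.
/ip firewall nat
add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp \
    dst-port=9998 to-addresses=192.168.44.200 to-ports=80 \
    comment="WAN to 192.168.44.200:80"

# 3. Loopback from LAN clients: these packets enter on bridge1, so the
#    in-interface-list=WAN rule never matches them. Match on the router's
#    own WAN addresses instead.
/ip firewall address-list
add list=wan-ip address=192.168.23.74
add list=wan-ip address=10.120.120.90
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=bridge1 \
    dst-address-list=wan-ip protocol=tcp dst-port=9998 \
    to-addresses=192.168.44.200 to-ports=80 comment="loopback dst-nat"
# The existing masquerade rule uses out-interface=!bridge1, so it skips
# LAN-to-LAN flows. Without this rule the server would answer the LAN
# client directly and the client would drop the unexpected reply.
add chain=srcnat action=masquerade src-address=192.168.44.0/24 \
    dst-address=192.168.44.200 protocol=tcp dst-port=80 \
    out-interface=bridge1 comment="loopback masquerade"
```

In the export above, all traffic from 192.168.44.200 carries the mail routing mark and leaves via 192.168.23.254, so replies to a connection that entered on ether2-WAN2 would exit the other uplink. Matching both uplinks for that host only works once reply routing is tied to the inbound interface.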

https://www.v2ex.com/t/866958