这是一个创建于 1187 天前的主题,其中的信息可能已经有所发展或是发生改变。
这个是配置文件,寻求 WAN 口端口映射配置,设置了但是不起效果,看了教程还是迷糊
[admin@MikroTik] > / export
jul/18/2022 11:38:23 by RouterOS 6.49.6
software id = F9KQ-H96D
modl = CCR1016-12G
serial number = 7233068BA78A
/interface bridge add name=bridge1 /interface ethernet set [ find default-name=ether1 ] name=ether1-WAN set [ find default-name=ether2 ] name=ether2-WAN2 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=192.168.44.2-192.168.44.254 /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1 /interface bridge port add bridge=bridge1 interface=ether12 add bridge=bridge1 interface=ether10 add bridge=bridge1 interface=ether9 add bridge=bridge1 interface=ether11 /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip address add address=192.168.44.1/24 interface=bridge1 network=192.168.44.0 add address=192.168.23.74/24 interface=ether1-WAN network=192.168.23.0 add address=10.120.120.90/24 interface=ether2-WAN2 network=10.120.120.0 /ip dhcp-server network add address=192.168.44.0/24 dns-server=223.5.5.5 gateway=192.168.44.1 /ip dns set servers=223.5.5.5 /ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=mail passthrough=no
src-address=192.168.44.200 /ip firewall nat add action=masquerade chain=srcnat connection-limit=0,32 out-interface=!bridge1 add action=dst-nat chain=dstnat dst-port=9999 in-interface=ether2-WAN2 log=yes
protocol=tcp to-addresses=192.168.44.253 to-ports=23 add action=dst-nat chain=dstnat dst-port=9998 in-interface=ether1-WAN protocol=
tcp to-addresses=192.168.44.200 to-ports=80 add action=dst-nat chain=dstnat connection-limit=0,32 dst-limit=
0,5,dst-address/1m40s dst-port=9997 in-interface=ether1-WAN limit=
0,5:packet protocol=tcp to-addresses=192.168.44.200 to-ports=23 add action=dst-nat chain=dstnat dst-port=10000 in-interface=ether2-WAN2
protocol=tcp to-addresses=192.168.44.253 to-ports=4430 /ip route add check-gateway=ping distance=1 gateway=192.168.23.254 routing-mark=mail add check-gateway=ping distance=1 gateway=10.120.120.1 /system clock
 | 1 neroxps 2022-07-18 17:18:42 +08:00 |
| 2 neroxps 2022-07-19 10:34:18 +08:00 感觉还有一个方案,把 interface list 里面把拨号端口加到 WAN list 里,然后配 in interface list 是 WAN 。匹配则走 dnat 应该也可以。 这样 nat loopback 不需要知道 wan-ip 是多少。也不需要脚本更新 wan-ip 列表。    |
Select Language