Jump to content
  • 0

Harpin NAT проблем.

walkingcurs3

Asked by walkingcurs3,

 Share

Question

walkingcurs3 Rookie

walkingcurs3

Posted
Posted (edited)

Изгледах сумати и видеа и прочетох доста информация навсякъде се препоръчват едни и същи правила. И все не мога си достъпна апаче сървара от локалната мрежа. 

/ip firewall filter
add action=accept chain=input comment="Accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="Accept ICMP" protocol=icmp
add action=accept chain=input comment=FTP dst-port=2221 in-interface-list=WAN log=yes protocol=tcp
add action=accept chain=input comment="Accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow WINBOX" dst-port=8291 log=yes protocol=tcp
add action=accept chain=input comment="Allow L2TP VPN (ipsec-esp)" in-interface-list=WAN protocol=ipsec-esp
add action=accept chain=input comment="Allow L2TP VPN (500,4500,1701/udp)" dst-port=500,1701,4500 in-interface-list=WAN protocol=udp
add action=accept chain=input comment="Allow connections from VPN network" log=yes src-address=192.168.20.0/24
add action=drop chain=input comment="Drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="Accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="Accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related
add action=accept chain=forward comment="Accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN log=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=XXX.XXX.XXX.XXX dst-port=80 protocol=tcp to-addresses=192.168.10.2
add action=masquerade chain=srcnat dst-address=192.168.10.2 dst-port=80 out-interface=br_local protocol=tcp src-address=192.168.10.0/24

Забелязах че като въведа IP-то се зарежда страницата. Но аз имам dns адрес от интернет доставчика като го въведа не се зарежда страницата.

Edited by walkingcurs3
Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0
hgd Explorer

hgd

Posted
Posted

Най-бързото и просто решение - сложи си статичен запис в DNS-а на микротика домейна ти да се отваря с частното IP.

Link to comment
Share on other sites
  • 0
  • Administrator
JohnTRIVOLTA Proficient

JohnTRIVOLTA

Posted
  • Administrator
Posted

Вдигни си сорс правилото за HARPIN NAT да е първо за да хване !

Link to comment
Share on other sites
  • 0
walkingcurs3
Rookie

walkingcurs3

Posted
  • Author
Posted

Проблема се оказа браузъра.. през Edge си отваря всичко нормално. Много ми е хикс хрома защо не искаше да отваря...

 

Link to comment
Share on other sites
  • 0
  • Administrator
111111 Rising Star

111111

Posted
  • Administrator
Posted
Преди 4 часа, walkingcurs3 написа:

Много ми е хикс хрома защо не искаше да отваря...

 

Не се научихте че тоз гад не може да се контролира, ползва набити днс-и

Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа

ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept