Converting iptables Rules to Mikrotik
Good afternoon,
Folks, I'm having trouble porting these iptables rules to the Mikrotik.
Could someone give me a hand?
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 5060 -j DNAT --to 172.16.0.123
iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1
iptables -t nat -A PREROUTING -p udp -i eth0 --dport 5060 -j DNAT --to 172.16.0.123
iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3478 -j DNAT --to 172.16.0.123
iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1
iptables -t nat -A PREROUTING -p udp -i eth0 --dport 3478 -j DNAT --to 172.16.0.123
iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 10000:20000 -j DNAT --to 172.16.0.123
iptables -t nat -A PREROUTING -p udp -i eth0 --dport 10000:20000 -j DNAT --to 172.16.0.123
iptables -t nat -A PREROUTING -p udp -m multiport -i eth0 --dport 5060,10000:20000 -j DNAT --to 172.16.0.123
iptables -A FORWARD -p udp -s 172.16.0.123 -j ACCEPT
iptables -A FORWARD -p udp -m multiport --dport 5060,10000:20000 -d 172.16.0.123 -j ACCEPT
iptables -t nat -A PREROUTING -m udp -p udp -i eth0 --destination-port 5060 -j REDIRECT
iptables -A INPUT -m udp -p udp -i eth0 --dport 5060 -j ACCEPT
iptables -A INPUT -m udp -p udp -i eth0 --dport 10000:20000 -j ACCEPT
Thanks.
Re: Converting iptables Rules to Mikrotik
Code:
-t nat PREROUTING = DSTNAT
-t nat POSTROUTING = SRCNAT
INPUT = FILTER INPUT
There, the iptables chains are translated to RouterOS; now you just have to do it.
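The chain mapping from the reply above, applied mechanically to the rule subset used in the question, as an added example that is not part of the original thread. The `FORWARD` to filter `forward` mapping, the `ifmap` argument and the interface name `ether1` are assumptions introduced here.

```python
import shlex

# (iptables table, chain) -> (RouterOS menu, chain), following the mapping in the reply above
CHAINS = {
    ("nat", "PREROUTING"): ("/ip firewall nat", "dstnat"),
    ("nat", "POSTROUTING"): ("/ip firewall nat", "srcnat"),
    ("filter", "INPUT"): ("/ip firewall filter", "input"),
    ("filter", "FORWARD"): ("/ip firewall filter", "forward"),
}
ACTIONS = {"DNAT": "dst-nat", "SNAT": "src-nat", "REDIRECT": "redirect", "ACCEPT": "accept"}
# iptables option -> RouterOS property (every option handled here takes exactly one value)
OPTIONS = {
    "-p": "protocol", "-i": "in-interface", "-o": "out-interface",
    "-s": "src-address", "-d": "dst-address", "--sport": "src-port",
    "--dport": "dst-port", "--dports": "dst-port", "--destination-port": "dst-port",
    "--to": "to-addresses", "--to-destination": "to-addresses", "--to-source": "to-addresses",
}

def convert(rule, ifmap):
    """Translate one 'iptables ... -A CHAIN ...' line into a RouterOS add command."""
    # ifmap: Linux interface name -> RouterOS interface name (site-specific, assumed)
    tok = shlex.split(rule)
    if len(tok) < 3 or tok[0] != "iptables" or len(tok) % 2 == 0:
        raise ValueError(f"cannot parse: {rule!r}")
    table, chain, action, props = "filter", None, None, []
    for opt, val in zip(tok[1::2], tok[2::2]):
        if opt == "-t":
            table = val
        elif opt == "-A":
            chain = val
        elif opt == "-j":
            action = val
        elif opt == "-m":
            continue  # match modules (udp, multiport) are implicit in RouterOS
        elif opt in OPTIONS:
            key = OPTIONS[opt]
            if key.endswith("-interface"):
                if val not in ifmap:
                    raise ValueError(f"no RouterOS name for interface {val}")
                val = ifmap[val]
            elif key.endswith("-port"):
                val = val.replace(":", "-")  # 10000:20000 -> 10000-20000
            props.append(f"{key}={val}")
        else:
            raise ValueError(f"unsupported option {opt}")  # refuse rather than guess
    if (table, chain) not in CHAINS or action not in ACTIONS:
        raise ValueError(f"unsupported chain/target: {table}/{chain} -j {action}")
    menu, ros_chain = CHAINS[(table, chain)]
    return " ".join([menu, "add", f"chain={ros_chain}", f"action={ACTIONS[action]}", *props])
```

The translation keeps each rule's meaning as written and does not judge whether the rule is needed; anything outside the listed options raises `ValueError` so that no rule is silently dropped or altered.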
Re: Converting iptables Rules to Mikrotik
I made the changes as shown in the configuration below.
But it still didn't work.
Is there something wrong?
NAT
add action=dst-nat chain=dstnat comment="############" dst-port=5060 in-interface=01-Algar200 protocol=tcp \
to-addresses=172.16.0.123
add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
add action=dst-nat chain=dstnat dst-port=5060 in-interface=01-Algar200 protocol=udp to-addresses=172.16.0.123
add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
add action=dst-nat chain=dstnat dst-port=3478 in-interface=01-Algar200 protocol=tcp to-addresses=172.16.0.123
add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
add action=dst-nat chain=dstnat dst-port=3478 in-interface=01-Algar200 protocol=udp to-addresses=172.16.0.123
add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface=01-Algar200 protocol=tcp to-addresses=172.16.0.123
add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface=01-Algar200 protocol=udp to-addresses=172.16.0.123
add action=dst-nat chain=dstnat dst-port=5060,10000-20000 in-interface=01-Algar200 protocol=udp to-addresses=\
172.16.0.123
add action=redirect chain=dstnat dst-port=5060 in-interface=01-Algar200 protocol=udp
FILTER RULES
add action=accept chain=forward comment=## protocol=udp src-address=172.16.0.123
add action=accept chain=forward dst-address=172.16.0.123 dst-port=5060,10000-20000 protocol=udp
add action=accept chain=input dst-port=5060 in-interface=01-Algar200 protocol=udp
add action=accept chain=input dst-port=10000-20000 in-interface=01-Algar200 protocol=udp
Re: Converting iptables Rules to Mikrotik