Boa tarde, amigos. Alguém poderia me ajudar a redirecionar portas? Estou errando em algum lugar; segue abaixo:
Estou saturado de ideias, já testei várias configurações e o redirecionamento não funciona.
Tenho um link bridge e outro com um modem roteado.
# dec/23/2015 13:59:36 by RouterOS 6.34rc23
# software id = TTFS-R1NF
#
/interface bridge
# Single LAN bridge; the wired port "local" (ether5) and wlan1 are added to it
# in /interface bridge port further down.
add name=Bridge
/interface ethernet
# ether5 is renamed "local"; it is the wired LAN port and a member of Bridge.
set [ find default-name=ether5 ] name=local
/interface pppoe-client
# One PPPoE client per uplink. Exports omit default values, so only the ether1
# client below carries disabled=no; the ether2 client presumably remains
# disabled (the ether2 uplink is used through its 192.168.20.2/24 address and
# the 192.168.20.1 gateway instead) — confirm on the device.
# NOTE(review): both PPPoE passwords are printed in clear text in this export;
# rotate them with the provider before the export is shared any further.
add add-default-route=yes interface=ether2 max-mru=1480 max-mtu=1480 mrru=\
1600 name=pppoeNanoStation password=linkbr [email protected]
add add-default-route=yes disabled=no interface=ether1 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoeSpeedy password=linkbr [email protected]
/interface wireless security-profiles
# WPA2-PSK profile used by wlan1; the pre-shared key is redacted in this export.
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
"Security Profile Agroleite" supplicant-identity="" wpa2-pre-shared-key=\
**********
/interface wireless
# 2.4 GHz access point, bridged into Bridge. default-forwarding=no keeps
# wireless clients from being forwarded to each other through the AP.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
default-forwarding=no dfs-mode=no-radar-detect disabled=no frequency=auto \
frequency-mode=regulatory-domain mode=ap-bridge security-profile=\
"Security Profile Agroleite" ssid=Agroleite wireless-protocol=802.11 \
wmm-support=enabled
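/ip firewall layer7-protocol
# Plain substring regexps matched against connection payload. The mangle rules
# in /ip firewall mangle use bradesco, bancobrasil, internetbanking, itau and
# alelo to learn destinations into the sem_balance address list; google and
# ddns are not referenced anywhere else in this export.
add name=bradesco regexp=bradesco
add name=itau regexp=itau
add name=bancobrasil regexp=bancobrasil
add name=internetbanking regexp=internetbanking
# Fixed typo: the regexp was "goole", which never matches "google".
add name=google regexp=google
add name=ddns regexp=ddns
add name=alelo regexp=alelo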
/ip ipsec proposal
# Default proposal limited to AES-128-CBC; no IPsec peer or policy appears in
# this export, so it is currently unused.
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
# Dynamic DHCP range (31 addresses); the static leases below sit inside it.
add name=dhcp_pool ranges=192.168.1.120-192.168.1.150
/ip dhcp-server
# DHCP served on the bridge (wired + wireless LAN), 2 h leases, ARP entries
# added for leased clients.
add add-arp=yes address-pool=dhcp_pool disabled=no interface=Bridge \
lease-time=2h name=DHCP
/queue tree
# Consumes the cache-hits packet mark, which is only set by the disabled
# "CACHE HIT/Zaib" mangle rule; the queue currently sees no marked traffic.
add name="Full cache" packet-mark=cache-hits parent=global queue=default
/interface bridge port
# LAN members of Bridge: the wired port and the access point.
add bridge=Bridge interface=local
add bridge=Bridge interface=wlan1
/interface bridge settings
# NOTE(review): use-ip-firewall-for-vlan is documented as taking effect only
# together with use-ip-firewall=yes, which is not set in this export — confirm
# whether bridged LAN traffic is meant to pass through the IP firewall.
set use-ip-firewall-for-vlan=yes
/ip settings
# SYN cookies for the router's own TCP listeners.
set tcp-syncookies=yes
/ip address
# NOTE(review): the LAN address sits on "local", which is a port of Bridge,
# while the DHCP server runs on Bridge itself. Confirm the address is reachable
# from wlan1 clients; placing it on Bridge is the usual layout.
add address=192.168.1.10/24 interface=local network=192.168.1.0
# Address next to the PPPoE session on ether1 — presumably to reach the modem.
add address=192.168.10.2/24 interface=ether1 network=192.168.10.0
# Routed modem uplink; the modem is 192.168.20.1 (see /ip route).
add address=192.168.20.2/24 interface=ether2 network=192.168.20.0
/ip dhcp-server lease
# Static leases pinned by MAC address.
add address=192.168.1.134 client-id=1:fc:aa:14:f7:e3:cb mac-address=\
FC:AA:14:F7:E3:CB server=DHCP
add address=192.168.1.130 client-id=1:28:cf:e9:9b:a4:79 mac-address=\
28:CF:E9:9B:A4:79 server=DHCP
/ip dhcp-server network
# Clients get the router (192.168.1.10) as first DNS server.
# NOTE(review): the gateway handed out is 192.168.1.11, but this router's LAN
# address is 192.168.1.10 (/ip address). Unless .11 is deliberately another
# device, clients are not routing through this router at all — confirm.
add address=192.168.1.0/24 dns-server=192.168.1.10,8.8.8.8,200.204.0.10 \
gateway=192.168.1.11
/ip dns
# The router resolves for the LAN. allow-remote-requests=yes makes it answer
# on every interface; /ip firewall filter has no rule for port 53 and its
# catch-all input drop is disabled, so this is an open resolver toward the
# uplinks (amplification-abuse risk). Add an input drop for dst-port=53
# (udp and tcp) with in-interface=!Bridge ahead of the default accept.
set allow-remote-requests=yes cache-size=5048KiB servers="200.204.0.10,200.204\
.0.138,208.67.222.222,8.8.8.8,208.67.220.220,200.221.11.98,200.176.2.10"
/ip firewall address-list
# sem_balance: destinations excluded from load balancing (see the "Sem Balance"
# mangle rule). The 200.155.0.0/16 entry already covers every 200.155.x.x
# prefix listed after it, so those narrower entries are redundant.
add address=200.155.0.0/16 comment=Bradesco list=sem_balance
add address=200.155.80.0/20 list=sem_balance
add address=200.155.80.0/23 list=sem_balance
add address=177.92.208.0/20 list=sem_balance
add address=200.155.82.0/23 list=sem_balance
add address=200.155.84.0/23 list=sem_balance
add address=200.155.86.0/24 list=sem_balance
add address=200.155.87.0/24 list=sem_balance
add address=200.155.88.0/23 list=sem_balance
add address=200.155.90.0/23 list=sem_balance
add address=200.155.92.0/24 list=sem_balance
add address=200.155.93.0/24 list=sem_balance
add address=200.155.94.0/23 list=sem_balance
# Static WinBox allow entry, disabled; the list is otherwise filled dynamically
# by the knock rules in /ip firewall filter.
add address=192.168.1.111 disabled=yes list=libera_winbox
/ip firewall filter
# Rules are evaluated top to bottom within a chain. Everything in this first
# group up to the knock rules is disabled=yes and therefore inert. Note that
# src-address=0.0.0.0 (no /0 mask) on the SQL rule matches only the single
# address 0.0.0.0, so it would not match real clients even if enabled.
add action=fasttrack-connection chain=forward comment=SQL disabled=yes \
dst-port=1433 protocol=tcp src-address=0.0.0.0
add chain=forward comment="RDP Totvs" disabled=yes dst-port=3389 protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=1241 \
protocol=tcp
add action=fasttrack-connection chain=forward comment="RDP PC53" disabled=yes \
dst-port=65099 protocol=tcp
add action=fasttrack-connection chain=forward comment="Cameras Celular" \
disabled=yes dst-port=34595-34599 protocol=tcp
add action=fasttrack-connection chain=forward comment="Cameras CMS" disabled=\
yes dst-port=34565-34569 protocol=tcp
add action=fasttrack-connection chain=forward comment=Totvs disabled=yes \
dst-port=1234-1243 protocol=tcp
# Port knocking for WinBox (tcp/8291): a TCP packet to 2771 lists the source in
# "knock" for 15 s; a packet to 7127 from a "knock" source lists it in
# "libera_winbox" for 15 min; only "libera_winbox" sources are accepted on
# 8291, and every other packet to 8291 is dropped.
add action=add-src-to-address-list address-list=knock address-list-timeout=\
15s chain=input dst-port=2771 protocol=tcp
add action=add-src-to-address-list address-list=libera_winbox \
address-list-timeout=15m chain=input dst-port=7127 protocol=tcp \
src-address-list=knock
add chain=input dst-port=8291 protocol=tcp src-address-list=libera_winbox
add action=drop chain=input dst-port=8291 protocol=tcp
# Forwarded packets of invalid connections are dropped.
add action=drop chain=forward connection-state=invalid
# Input ICMP: accept within the limit (30/s, burst 5 per the author's
# comment), then drop all remaining ICMP. The later "Allow ICMP" rule can
# never match because every ICMP packet has already been accepted or dropped
# here.
add chain=input comment="Aceita 30 mensagens ICMP por segundo" limit=30,5 \
protocol=icmp
add action=drop chain=input comment="Dropa todo ICMP" protocol=icmp
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid
# Dead rule (unreachable, see above); safe to remove.
add chain=input comment="Allow ICMP" protocol=icmp
# NOTE(review): src-address=192.168.1.0 without a mask matches only the single
# host 192.168.1.0, and the rule has no action, i.e. it accepts such packets
# arriving on any non-bridge (uplink) interface. If an anti-spoofing rule was
# intended it should presumably be action=drop with src-address=192.168.1.0/24
# — confirm the intent.
add chain=input in-interface=!Bridge src-address=192.168.1.0
# Bogon, loopback and multicast/reserved (224.0.0.0/3) sources and
# destinations are not forwarded.
add action=drop chain=forward src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
# Forwarded TCP/UDP/ICMP is handed to per-protocol chains; packets not dropped
# there return to the forward chain. There is no final forward drop, so the
# chain ends in its default accept.
add action=jump chain=forward jump-target=tcp protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
# tcp chain (reached only from forward): block a fixed list of service ports
# in both directions through the router.
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 \
protocol=tcp
add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
tcp
# DHCP runs over UDP, so this TCP rule has no practical effect; the udp chain
# below has no 67-68 rule.
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
# udp chain (reached only from forward).
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 \
protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
udp
# icmp chain (reached only from forward): allow-list of type:code pairs, then
# drop every other forwarded ICMP type. Input ICMP is handled earlier.
add chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add chain=icmp comment="host unreachable fragmentation required" \
icmp-options=3:4 protocol=icmp
add chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types"
# FTP/SSH brute-force handling. The ftp and ssh services are disabled in
# /ip service, so the port 21/22 input rules mostly just build the lists; the
# output rules would only match the "530 Login incorrect" banner of the
# router's own FTP server.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# SSH staging: repeated new connections to port 22 within 1 min escalate
# stage1 -> stage2 -> stage3 -> ssh_blacklist (1w3d). Listed sources are
# dropped on input and also blocked from reaching port 22 behind the router.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
# Port-scan detection: psd and the listed TCP flag combinations put the source
# in "port scanners" for 2 weeks, after which all of its input is dropped.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" \
src-address-list="port scanners"
# Connection-limit tarpit and SYN-flood limiting: all disabled.
add action=tarpit chain=input connection-limit=3,32 disabled=yes protocol=tcp \
src-address-list=dos
add action=add-src-to-address-list address-list=dos address-list-timeout=1d \
chain=input comment="Suprimindo um ataque DoS" connection-limit=0,32 \
disabled=yes protocol=tcp tcp-flags=syn
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
new disabled=yes jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new disabled=yes limit=400,5 protocol=\
tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new disabled=yes protocol=\
tcp tcp-flags=syn
# The catch-all input drop is disabled, so the input chain ends in its default
# accept: every router service not gated above (DNS on 53, which has
# allow-remote-requests=yes in /ip dns, plus www/api/proxy and anything left
# at defaults) is reachable from the uplinks. Enabling this rule — preceded by
# accepts for established/related connections, the LAN (in-interface=Bridge)
# and the knock rules — is the most important hardening change here.
add action=drop chain=input comment="Drop everything else" disabled=yes
/ip firewall mangle
# Mangle runs before routing. A rule without an action here is "accept", which
# ends mangle processing for that packet: LAN traffic to the sem_balance
# destinations and to the directly attached networks is exempted from the
# marking below and follows the main routing table. The "=====" comments are
# only visual separators.
add chain=prerouting comment="Sem Balance" dst-address-list=sem_balance \
in-interface=Bridge
add chain=prerouting comment=\
"====================================================================" \
dst-address=192.168.1.0/24 src-address=192.168.1.0/24
add chain=prerouting dst-address=192.168.10.0/24 src-address=192.168.1.0/24
# NOTE(review): /30 here versus the /24 configured on ether2 (192.168.20.2/24);
# only 192.168.20.0-.3 is exempted. Harmless for the .1 gateway, but
# inconsistent with /ip address.
add chain=prerouting dst-address=192.168.20.0/30 src-address=192.168.1.0/24
# Connection marks: the first packet of a still-unmarked connection arriving
# from each uplink tags the whole connection with that uplink's mark, so that
# replies to inbound (dst-nat'd) connections are routed back out the uplink
# they came in on via the routing marks below. pppoeSpeedy is the PPPoE
# session over ether1; the ether2 uplink is matched on the physical port.
add action=mark-connection chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark in-interface=pppoeSpeedy new-connection-mark=\
ether1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether2 new-connection-mark=ether2_conn
# LAN traffic goes to the PCC load-balancing chain.
add action=jump chain=prerouting comment=\
"====================================================================" \
in-interface=Bridge jump-target=policy_router
# Routing marks derived from the connection mark, for forwarded LAN traffic
# and for the router's own output; the matching routes are in /ip route.
add action=mark-routing chain=prerouting comment=\
"====================================================================" \
connection-mark=ether1_conn new-routing-mark=ether1_trafic src-address=\
192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=ether2_conn \
new-routing-mark=ether2_trafic src-address=192.168.1.0/24
add action=mark-routing chain=output connection-mark=ether1_conn \
new-routing-mark=ether1_trafic
add action=mark-routing chain=output connection-mark=ether2_conn \
new-routing-mark=ether2_trafic
# Any TCP packet to port 3389 is pinned to the ether2 uplink regardless of
# source; being later in the chain it overrides the mark set just above.
add action=mark-routing chain=prerouting dst-port=3389 new-routing-mark=\
ether2_trafic protocol=tcp
# PCC load balancing: LAN connections to non-local destinations are hashed on
# both addresses and ports into 3 buckets; bucket 0 -> ether1_conn, buckets 1
# and 2 -> ether2_conn, i.e. roughly a 1:2 split favouring the ether2 uplink.
add action=mark-connection chain=policy_router comment=\
"====================================================================" \
dst-address-type=!local in-interface=Bridge new-connection-mark=\
ether1_conn per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=policy_router dst-address-type=!local \
in-interface=Bridge new-connection-mark=ether2_conn \
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=policy_router dst-address-type=!local \
in-interface=Bridge new-connection-mark=ether2_conn \
per-connection-classifier=both-addresses-and-ports:3/2
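# Layer-7 learning: destinations of forwarded TCP connections whose payload
# matches the named regexps are added to sem_balance with no timeout, so later
# connections to them bypass load balancing (whether such entries survive the
# nightly reboot depends on the RouterOS version — verify). Matching regexps
# against every forwarded TCP connection is CPU-intensive on a small router.
# Fixed: these rules used dst-address-list=!192.168.1.0/24, which names an
# address list rather than a subnet; no list with that name exists in this
# export, so the negated match was always true. dst-address=!192.168.1.0/24
# excludes LAN destinations as evidently intended.
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
comment=\
"====================================================================" \
dst-address=!192.168.1.0/24 layer7-protocol=bradesco protocol=tcp
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
dst-address=!192.168.1.0/24 layer7-protocol=bancobrasil protocol=tcp
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
dst-address=!192.168.1.0/24 layer7-protocol=internetbanking \
protocol=tcp
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
dst-address=!192.168.1.0/24 layer7-protocol=itau protocol=tcp
# Port-based variants (Totvs range, SQL), currently disabled.
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
disabled=yes dst-address=!192.168.1.0/24 dst-port=1234-1243 \
protocol=tcp
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
disabled=yes dst-address=!192.168.1.0/24 dst-port=1433 protocol=tcp
add action=add-dst-to-address-list address-list=sem_balance chain=forward \
dst-address=!192.168.1.0/24 layer7-protocol=alelo protocol=tcp
# Marks proxy cache hits (src-port 3129) for the "Full cache" queue; disabled.
add action=mark-packet chain=output comment="CACHE HIT/Zaib" disabled=yes \
dscp=4 new-packet-mark=cache-hits passthrough=no protocol=tcp src-port=\
3129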
/ip firewall nat
# Source NAT on both uplinks. The Bridge masquerade is disabled; note there is
# no hairpin rule (srcnat, src-address=192.168.1.0/24,
# dst-address=192.168.1.0/24, masquerade), so the port forwards below cannot
# be tested from inside the LAN using the public address — a frequent reason a
# forward "does not work" when it actually works from outside.
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=pppoeSpeedy
add action=masquerade chain=srcnat disabled=yes out-interface=Bridge
# Transparent-proxy redirects (disabled). Even if enabled they would not match:
# LAN packets enter on Bridge (local and wlan1 are bridge ports), never on
# ether1/ether2.
add action=redirect chain=dstnat disabled=yes dst-port=80 in-interface=ether2 \
protocol=tcp src-address=192.168.1.0/24 to-ports=3129
add action=redirect chain=dstnat disabled=yes dst-port=80 in-interface=ether1 \
protocol=tcp src-address=192.168.1.0/24 to-ports=3129
# Port forwards, one rule per uplink and service. On pppoeSpeedy the public
# address terminates on this router. On ether2 the router sits behind the
# routed modem at 192.168.20.1 (see /ip address and /ip route), so the modem
# must itself forward each port to 192.168.20.2 first — presumably the missing
# piece when forwards via ether2 fail; verify on the modem. Nothing in
# /ip firewall filter blocks these ports (the tcp chain drops other ports and
# the forward chain has no final drop).
add action=dst-nat chain=dstnat dst-port=1433 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.94 to-ports=1433
add action=dst-nat chain=dstnat dst-port=1433 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.94 to-ports=1433
# Cameras: each host gets one CMS port (3456x) and one mobile port (3459x).
add action=dst-nat chain=dstnat dst-port=34567 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.90 to-ports=34567
add action=dst-nat chain=dstnat dst-port=34567 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.90 to-ports=34567
add action=dst-nat chain=dstnat dst-port=34596 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.90 to-ports=34596
# RDP to .50, disabled on both uplinks (the mangle rule pinning 3389 to ether2
# is therefore idle).
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
pppoeSpeedy protocol=tcp to-addresses=192.168.1.50 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
ether2 protocol=tcp to-addresses=192.168.1.50 to-ports=3389
# External 65099 is translated to internal 8933 on .111.
add action=dst-nat chain=dstnat dst-port=65099 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.111 to-ports=8933
add action=dst-nat chain=dstnat dst-port=65099 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.111 to-ports=8933
add action=dst-nat chain=dstnat dst-port=34596 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.90 to-ports=34596
add action=dst-nat chain=dstnat dst-port=34566 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.9 to-ports=34566
add action=dst-nat chain=dstnat dst-port=34566 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.9 to-ports=34566
add action=dst-nat chain=dstnat dst-port=34597 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.9 to-ports=34597
add action=dst-nat chain=dstnat dst-port=34597 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.9 to-ports=34597
add action=dst-nat chain=dstnat dst-port=34568 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.7 to-ports=34568
add action=dst-nat chain=dstnat dst-port=34568 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.7 to-ports=34568
add action=dst-nat chain=dstnat dst-port=34599 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.7 to-ports=34599
add action=dst-nat chain=dstnat dst-port=34599 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.7 to-ports=34599
add action=dst-nat chain=dstnat dst-port=34598 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.18 to-ports=34598
add action=dst-nat chain=dstnat dst-port=34598 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.18 to-ports=34598
add action=dst-nat chain=dstnat dst-port=34569 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.18 to-ports=34569
add action=dst-nat chain=dstnat dst-port=34569 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.18 to-ports=34569
add action=dst-nat chain=dstnat dst-port=34595 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.15 to-ports=34595
add action=dst-nat chain=dstnat dst-port=34595 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.15 to-ports=34595
add action=dst-nat chain=dstnat dst-port=34565 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.15 to-ports=34565
add action=dst-nat chain=dstnat dst-port=34565 in-interface=ether2 protocol=\
tcp to-addresses=192.168.1.15 to-ports=34565
# NOTE(review): a 12-port external range (1234-1245) is mapped onto an 8-port
# internal range (1234-1241), and the filter/mangle rules for the same service
# use 1234-1243. Pick one range and use it consistently; with equal-sized
# ranges the mapping is 1:1 by offset.
add action=dst-nat chain=dstnat dst-port=1234-1245 in-interface=pppoeSpeedy \
protocol=tcp to-addresses=192.168.1.50 to-ports=1234-1241
add action=dst-nat chain=dstnat dst-port=1234-1245 in-interface=ether2 \
protocol=tcp to-addresses=192.168.1.50 to-ports=1234-1241
/ip firewall service-port
# SIP connection-tracking helper extended to port 20561 as well as 5060/5061.
set sip ports=5060,5061,20561
/ip hotspot ip-binding
# Leftover hotspot binding for a 192.168.5.0 network that appears nowhere else
# in this export; disabled.
add address=192.168.5.1 disabled=yes to-address=192.168.5.20
/ip proxy
# Web proxy on 3129 (exports omit defaults, so enabled=yes is not shown and
# the proxy is presumably off). NOTE(review): src-address=192.168.1.13 is not
# an address configured on this router in /ip address, so outbound proxy
# connections bound to it would fail — confirm.
set cache-on-disk=yes cache-path=disk1 max-cache-size=2048KiB \
max-client-connections=1000 max-server-connections=1000 port=3129 \
src-address=192.168.1.13
/ip proxy access
# Only LAN sources may use the proxy; everything else is denied, which keeps
# it from being an open proxy if it is enabled.
add src-address=192.168.1.0/24
add action=deny
/ip route
# Per-uplink default routes selected by the mangle routing marks.
add distance=1 gateway=pppoeSpeedy routing-mark=ether1_trafic
add distance=1 gateway=192.168.20.1 routing-mark=ether2_trafic
add disabled=yes distance=1 dst-address=192.168.1.50/32 gateway=ether2 \
routing-mark=ether2_trafic scope=255
# Main-table defaults: the modem on ether2 at distance 2, PPPoE at distance 3.
# pppoeSpeedy also has add-default-route=yes, which installs its own default
# route (distance not shown here) — confirm which default the main table
# actually uses when the PPPoE session is up.
add comment=NanoStation distance=2 gateway=192.168.20.1
add comment=Agroleite distance=3 gateway=pppoeSpeedy
/ip service
# telnet/ftp/ssh off. www, api and winbox are not listed, so they presumably
# run at defaults; winbox is gated by the knock rules, the others are not
# restricted anywhere in this export (see the disabled final input drop).
# Consider setting address=192.168.1.0/24 on the remaining services.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/system clock
# Local time zone; also determines when the 01:00 scheduled reboot fires.
set time-zone-name=America/Sao_Paulo
/system leds
# Front-panel LED assignments; cosmetic only.
set 0 leds=user-led type=interface-activity
add interface=ether1 leds="" type=interface-activity
add interface=ether2 leds="" type=interface-activity
add interface=local leds=wlan-led type=interface-activity
/system ntp client
# NOTE(review): server-dns-names holds 8.8.8.8, a public DNS resolver address
# placed in a DNS-name field; it is not documented as an NTP server. Remove it
# or replace it with a real NTP host name; the two primary/secondary servers
# remain.
set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8 \
server-dns-names=8.8.8.8
/system package update
# Release-candidate channel; the export header shows 6.34rc23 in use. A
# production gateway is better kept on the stable channel.
set channel=release-candidate
/system scheduler
# Nightly reboot at 01:00 via the "reboot" script below. Both the scheduler and
# the script carry policy sets (password, sensitive, sniff, ftp, ...) far wider
# than "/system reboot" needs; least privilege suggests trimming both to the
# reboot policy (plus read/test if running the script requires it — verify on
# this version). Dynamic firewall address-list entries do not survive the
# reboot.
add interval=1d name=exec_reboot on-event="/system script run reboot" policy=\
reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/01/1970 start-time=01:00:00
/system script
add name=reboot owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/system reboot"
/tool graphing resource
# Resource graphs enabled with no allow-address given; presumably at the
# default, which exposes the graphs on the www service — restrict to the LAN
# if www stays reachable from the uplinks.
add
/tool romon port
# RoMON port entry with default parameters.
add