Redirecionamento de porta PCC + bridge

[rodrigoadachi]

Ola pessoal, sei que esse assunto é algo comum aqui e tem muitas pessoas com duvidas e varias soluções, bom tentei muitas delas, procurei entender cada uma, e não tive sucesso, estou tendo problemas para redirecionar portas pra acesso ao mk-auth e outro mikrotik por fora.

Tenho 4 links adsl em bridge [pppoe] nas portas 1 a 4 (nos testes só há link na porta 1), na porta 5 [11.0.0.1/8] os clientes e o mk-auth [11.0.0.2], tentei redirecionar a porta 80 para o mk-auth [11.0.0.2] mas não consigo, já tentei outras portas, já tentei acesso a outro mikrotik atras do PCC e nada.

ADDRESS

Código :

11.0.0.1/8              11.0.0.0        5-servers

NAT

Código :

/ip firewall nat
 
chain=srcnat action=masquerade out-interface=1-pppoe log=no log-prefix="" 
 
 
chain=dstnat action=dst-nat to-addresses=11.0.0.2 to-ports=80 protocol=tcp in-interface=1-pppoe dst-port=80 log=no log-prefix=""

MANGLE

Código :

/ip firewall mangle
 
chain=forward action=change-mss new-mss=1440 passthrough=yes tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1441-65535 log=no log-prefix="" 
 
chain=forward action=change-mss new-mss=1440 passthrough=yes tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1441-65535 log=no log-prefix="" 
 
chain=output action=accept src-address-list=nobalance log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=1-wan passthrough=yes connection-state=new dst-address-list=1-link in-interface=5-servers log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=2-wan passthrough=yes connection-state=new dst-address-list=2-link in-interface=5-servers log=no  log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=3-wan passthrough=yes connection-state=new dst-address-list=3-link in-interface=5-servers log=no  log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=4-wan passthrough=yes connection-state=new dst-address-list=4-link in-interface=5-servers log=no  log-prefix="" 
 
chain=prerouting action=mark-routing new-routing-mark=1-wan_route passthrough=no in-interface=5-servers connection-mark=1-wan log=no log-prefix="" 
 
chain=prerouting action=mark-routing new-routing-mark=2-wan_route passthrough=no in-interface=5-servers connection-mark=2-wan log=no log-prefix="" 
 
chain=prerouting action=mark-routing new-routing-mark=3-wan_route passthrough=no in-interface=5-servers connection-mark=3-wan log=no log-prefix="" 
 
chain=prerouting action=mark-routing new-routing-mark=4-wan_route passthrough=no in-interface=5-servers connection-mark=4-wan log=no log-prefix="" 
 
chain=prerouting action=accept protocol=tcp in-interface=5-servers dst-port=433 log=no log-prefix="" 
 
chain=forward action=change-ttl new-ttl=set:30 passthrough=yes protocol=icmp log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=1-wan_conn passthrough=yes connection-state=new in-interface=1-pppoe log=no log-prefix=""
 
chain=prerouting action=mark-connection new-connection-mark=1-wan_conn passthrough=yes connection-state=new in-interface=1-pppoe log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=2-wan_conn passthrough=yes connection-state=new in-interface=2-pppoe log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=3-wan_conn passthrough=yes connection-state=new in-interface=3-pppoe log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=4-wan_conn passthrough=yes connection-state=new in-interface=4-pppoe log=no log-prefix="" 
 
chain=output action=mark-routing new-routing-mark=1-to_wan passthrough=yes connection-mark=1-wan_conn log=no log-prefix="" 
 
chain=output action=mark-routing new-routing-mark=2-to_wan passthrough=yes connection-mark=2-wan_conn log=no log-prefix="" 
 
chain=output action=mark-routing new-routing-mark=3-to_wan passthrough=yes connection-mark=3-wan_conn log=no log-prefix="" 
 
chain=output action=mark-routing new-routing-mark=4-to_wan passthrough=yes connection-mark=4-wan_conn log=no log-prefix="" 
 
chain=prerouting action=accept dst-address=255.255.255.0/24 in-interface=5-servers log=no log-prefix="" 
 
chain=prerouting action=accept dst-address=255.255.255.0/24 in-interface=5-servers log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=1-wan_conn passthrough=yes connection-state=new dst-address-type=!local in-interface=5-servers  per-connection-classifier=both-addresses-and-ports:4/0 log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=2-wan_conn passt per-connection-classifier=both-addresses-and-ports:4/1 log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=3-wan_conn passt per-connection-classifier=both-addresses-and-ports:4/2 log=no log-prefix="" 
 
chain=prerouting action=mark-connection new-connection-mark=4-wan_conn passt per-connection-classifier=both-addresses-and-ports:4/3 log=no log-prefix="" 
 
chain=prerouting action=mark-routing new-routing-mark=1-to_wan passthrough=y
 
chain=prerouting action=mark-routing new-routing-mark=2-to_wan passthrough=y
 
chain=prerouting action=mark-routing new-routing-mark=3-to_wan passthrough=y
 
chain=prerouting action=mark-routing new-routing-mark=4-to_wan passthrough=y

[valdineiq]

Em primeiro lugar altero o IP para uma classe privada, 10.0.0.0/8, 172.16.0.0/12 ou 192.168.0.0/16 pois o que voce esta usando e um IP Publico de internet.
Segundo, marca todas as conexoes de entrada de cada link (de forma separada) com o destino a porta que voce quer e faz o redirecionamento a parti das marcações.
Dependendo da versao do Mikrotik que voce esta usando isso vai varias mas a essência e a mesma.
Por padrao a maioria dos adsl bloqueia a porta baixas de 0 a 1024 logo tenta usar uma porta alta. a 8080 ja peguei em alguns lugares broqueadas tambem.

[rodrigoadachi]

Boa noite,

O IP realmente, estava em uma faixa errada, alterei para 10.0.0.0/8, mas ñ consigo acesso ainda, como faço redirecionamento pelas marcações?