


  1. #1

    Converting iptables Rules to MikroTik

    Good afternoon,
    Everyone, I am having trouble porting these iptables rules to MikroTik.
    Could someone give me a hand?

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 5060 -j DNAT --to 172.16.0.123
    iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1


    iptables -t nat -A PREROUTING -p udp -i eth0 --dport 5060 -j DNAT --to 172.16.0.123
    iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1


    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3478 -j DNAT --to 172.16.0.123
    iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1


    iptables -t nat -A PREROUTING -p udp -i eth0 --dport 3478 -j DNAT --to 172.16.0.123
    iptables -t nat -A POSTROUTING -d 172.16.0.123 -j SNAT --to 172.16.0.1


    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 10000:20000 -j DNAT --to 172.16.0.123
    iptables -t nat -A PREROUTING -p udp -i eth0 --dport 10000:20000 -j DNAT --to 172.16.0.123


    iptables -t nat -A PREROUTING -p udp -m multiport -i eth0 --dport 5060,10000:20000 -j DNAT --to 172.16.0.123
    iptables -A FORWARD -p udp -s 172.16.0.123 -j ACCEPT
    iptables -A FORWARD -p udp -m multiport --dport 5060,10000:20000 -d 172.16.0.123 -j ACCEPT


    iptables -t nat -A PREROUTING -m udp -p udp -i eth0 --destination-port 5060 -j REDIRECT


    iptables -A INPUT -m udp -p udp -i eth0 --dport 5060 -j ACCEPT
    iptables -A INPUT -m udp -p udp -i eth0 --dport 10000:20000 -j ACCEPT

    Thank you.

  2. #2

    Re: Converting iptables Rules to MikroTik

    Code:
    -t nat PREROUTING = DSTNAT
    -t nat POSTROUTING = SRCNAT
    INPUT = FILTER INPUT

    There, the iptables chains are translated to RouterOS; now you just have to do it.

  3. #3

    Re: Converting iptables Rules to MikroTik

    I made the changes as shown in the configuration below.
    But it still did not work.
    Is there something wrong?


    NAT

    add action=dst-nat chain=dstnat comment="############" dst-port=5060 in-interface=01-Algar200 protocol=tcp \
    to-addresses=172.16.0.123
    add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
    add action=dst-nat chain=dstnat dst-port=5060 in-interface=01-Algar200 protocol=udp to-addresses=172.16.0.123
    add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
    add action=dst-nat chain=dstnat dst-port=3478 in-interface=01-Algar200 protocol=tcp to-addresses=172.16.0.123
    add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
    add action=dst-nat chain=dstnat dst-port=3478 in-interface=01-Algar200 protocol=udp to-addresses=172.16.0.123
    add action=src-nat chain=srcnat dst-address=172.16.0.123 to-addresses=172.16.0.1
    add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface=01-Algar200 protocol=tcp to-addresses=172.16.0.123
    add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface=01-Algar200 protocol=udp to-addresses=172.16.0.123
    add action=dst-nat chain=dstnat dst-port=5060,10000-20000 in-interface=01-Algar200 protocol=udp to-addresses=\
    172.16.0.123
    add action=redirect chain=dstnat dst-port=5060 in-interface=01-Algar200 protocol=udp


    FILTER RULES

    add action=accept chain=forward comment=## protocol=udp src-address=172.16.0.123
    add action=accept chain=forward dst-address=172.16.0.123 dst-port=5060,10000-20000 protocol=udp
    add action=accept chain=input dst-port=5060 in-interface=01-Algar200 protocol=udp
    add action=accept chain=input dst-port=10000-20000 in-interface=01-Algar200 protocol=udp

  4. #4

    Re: Converting iptables Rules to MikroTik

    SOLVED.
    Thank you.
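
The chain mapping from reply #2, applied mechanically to the rule shapes posted in #1, as an added example that is not code from any poster in this thread. The helper name `convert` and the `ifmap` argument are assumptions made here; the interface name `01-Algar200` is taken from reply #3. The FORWARD mapping to the filter `forward` chain goes beyond the three chains listed in reply #2.

```python
import shlex

# (iptables table, chain) -> (RouterOS menu, chain), following reply #2
CHAINS = {
    ("nat", "PREROUTING"): ("/ip firewall nat", "dstnat"),
    ("nat", "POSTROUTING"): ("/ip firewall nat", "srcnat"),
    ("filter", "INPUT"): ("/ip firewall filter", "input"),
    ("filter", "FORWARD"): ("/ip firewall filter", "forward"),
}
ACTIONS = {"DNAT": "dst-nat", "SNAT": "src-nat",
           "REDIRECT": "redirect", "ACCEPT": "accept"}
# iptables option -> RouterOS property (--to is the abbreviation used in post #1)
MATCHES = {"-p": "protocol", "-s": "src-address", "-d": "dst-address",
           "--dport": "dst-port", "--destination-port": "dst-port",
           "--to": "to-addresses", "--to-destination": "to-addresses",
           "--to-source": "to-addresses"}


def convert(rule, ifmap):
    """Translate one `iptables -A` rule into a RouterOS `add` command.

    Anything without a known translation raises ValueError: silently
    dropping a match would make the new rule broader than the original.
    """
    args = shlex.split(rule)
    if len(args) % 2 != 1 or args[0] != "iptables":
        raise ValueError(f"unexpected rule shape: {rule!r}")
    table, chain, props = "filter", None, {}
    for opt, val in zip(args[1::2], args[2::2]):
        if opt == "-t":
            table = val
        elif opt == "-A":
            chain = val
        elif opt == "-j" and val in ACTIONS:
            props["action"] = ACTIONS[val]
        elif opt == "-m":
            continue  # module loading (udp, multiport) needs no RouterOS property
        elif opt == "-i" and val in ifmap:
            props["in-interface"] = ifmap[val]  # Linux name -> RouterOS name
        elif opt in MATCHES:
            key = MATCHES[opt]
            # iptables writes port ranges as lo:hi, RouterOS as lo-hi
            props[key] = val.replace(":", "-") if key == "dst-port" else val
        else:
            raise ValueError(f"no translation for {opt} {val}")
    if (table, chain) not in CHAINS or "action" not in props:
        raise ValueError(f"no translation for chain/target in: {rule!r}")
    menu, ros_chain = CHAINS[(table, chain)]
    action = props.pop("action")
    rest = " ".join(f"{k}={v}" for k, v in props.items())
    return f"{menu} add chain={ros_chain} action={action} {rest}".rstrip()
```

Call it once per rule, for example `convert(line, {"eth0": "01-Algar200"})`, and review each output line before pasting it into the router.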