我有一台 LTE MikroTik RBwAPGR-5HacD2HnD 路由器和一台 QNAP NAS 服务器。我需要把来自互联网的流量(通过 DDNS 等方式)转发到 QNAP 服务器 (192.168.88.102),但一直没有成功,也许是我的 NAT 规则设置错了?
`/ip export` 的输出:
# jan/12/2024 15:47:44 by RouterOS 6.49.7
# software id = 2DFH-9ZZK
#
# model = RBwAPGR-5HacD2HnD
# serial number = HDG08GNT5V5
#
# NOTE(review): the software id and serial number above identify this specific
# device. They are not needed to diagnose a NAT problem and are normally
# redacted before an export is posted publicly.
#
# Overview: /ip section of a "defconf"-style setup. The parts relevant to the
# question are: both defconf drop rules that separate WAN from the router and
# the LAN are disabled, a dst-nat rule for TCP 8080 matches on the LAN bridge
# instead of the WAN side, and UPnP is enabled.

# DHCP pool for the LAN. The range includes 192.168.88.102 (the NAS).
# No static lease appears in this export, so unless the NAS has a fixed address
# configured on the NAS itself, the forward target could change - verify.
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
# MikroTik cloud DDNS, refreshed every 5 minutes.
# NOTE(review): whether the LTE interface actually holds a publicly routable
# address is not visible here. Behind carrier-grade NAT the DDNS name would not
# lead to this router and no dst-nat rule could receive inbound connections.
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# Together with the disabled input drop rule below, nothing in this export
# filters DNS queries arriving on the WAN side (open-resolver exposure).
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# disabled=yes: the only rule that would drop new WAN-side connections to the
# router is switched off, and unmatched packets are accepted. Any service the
# router runs (see /ip service, not shown here) is then reachable from the WAN
# side. This rule does not affect forwarding to the NAS; re-enable it.
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
# --- forward chain: traffic passing through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# disabled=yes: this is the rule that limits new WAN->LAN connections to ones
# created by a dst-nat rule. It already lets port forwards through
# (connection-nat-state=!dstnat does not match them), so disabling it is not
# needed for the NAS and removes the only WAN->LAN restriction in this chain.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" disabled=yes connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Accepts and logs TCP 8080,80,443,8081 to the NAS from any interface.
# With the drop rule above disabled nothing else in this chain drops new
# connections, so this rule currently only adds logging. Only 8080 has a
# dst-nat rule in this export; 80, 443 and 8081 have none.
add action=accept chain=forward dst-address=192.168.88.102 dst-port=8080,80,443,8081 log=yes protocol=tcp
# Disabled. The output chain covers traffic originated by the router itself,
# so this rule would not influence forwarding to the NAS either way.
add action=accept chain=output disabled=yes dst-address=192.168.88.102 dst-port=8080 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# in-interface=bridge: the rule matches only packets entering through the LAN
# bridge. Connections from the internet enter on the WAN side and never match,
# which fits the posted log (both entries show in:bridge, source 192.168.88.253).
# The masquerade rule above selects the WAN side with out-interface-list=WAN;
# in-interface-list=WAN is the corresponding match for inbound traffic.
# There is also no dst-address / dst-address-type match, so as written any LAN
# client's TCP connection to port 8080 on any destination is rewritten to the NAS.
# NOTE(review): LAN clients that use the public name would additionally need a
# hairpin src-nat rule (the forward log entry is in:bridge out:bridge) - confirm.
add action=dst-nat chain=dstnat dst-port=8080 in-interface=bridge log=yes protocol=tcp to-addresses=192.168.88.102 to-ports=8080
# UPnP lets hosts on an internal interface request inbound port mappings
# without authentication. It is not required for a static dst-nat rule; if no
# device depends on it, disabled is the smaller attack surface.
/ip upnp
set enabled=yes
# All three interfaces are type=internal and none is type=external.
# Presumably UPnP cannot create usable mappings in this state - TODO confirm.
/ip upnp interfaces
add interface=ether2 type=internal
add interface=ether1 type=internal
add interface=bridge type=internal
日志输出:
dstnat: in:bridge out:(unknown 0), src-mac 14:7d:da:db:da:93, proto TCP (SYN), 192.168.88.253:57545->185.115.5.162:8080, len 48
forward: in:bridge out:bridge, src-mac 14:7d:da:db:da:93, proto TCP (SYN), 192.168.88.253:57545->192.168.88.102:8080, NAT 192.168.88.253:57545->(185.115.5.162:8080->192.168.88.102:8080), len 48