Доброго времени суток.
Не получается открыть 443 порт для форума, который стоит на машине.
Мучаюсь уже долго, так что решил написать сюда.
# Address lists referenced by the filter rules of this export.
# NOTE(review): these lists hold management and allow-list addresses; when an
# export is shared publicly, such entries are normally redacted first.
/ip firewall address-list
# block-ip-dst: used as dst-address-list by the "drop dle seznamu dst" filter rule.
# Every block-ip-dst entry in this export is disabled=yes, so that rule
# currently has nothing to match against.
add address=77.78.100.209 disabled=yes list=block-ip-dst
add address=77.78.100.210 comment=ESXi disabled=yes list=block-ip-dst
# enabla-ip-dst: sources exempted from the "drop dle seznamu dst" rule
# (that rule matches src-address-list=!enabla-ip-dst).
add address=91.219.244.203 list=enabla-ip-dst
add address=109.81.208.136 list=enabla-ip-dst
add address=46.13.55.186 list=enabla-ip-dst
add address=78.102.147.169 list=enabla-ip-dst
add address=188.175.125.147 list=enabla-ip-dst
# NOTE(review): this address is commented "Stolen nsk" yet sits in the exempt
# list here and in Usnul-Admin below - confirm it is still meant to be trusted.
add address=37.192.58.90 comment="Stolen nsk" list=enabla-ip-dst
add address=89.103.112.121 list=enabla-ip-dst
add address=81.30.251.41 list=enabla-ip-dst
# Usnul-Admin: sources allowed to reach tcp/8291 on the router (input chain).
add address=37.192.58.90 list=Usnul-Admin
add address=91.219.244.203 list=Usnul-Admin
add address=78.102.147.169 list=Usnul-Admin
add address=188.175.125.147 list=Usnul-Admin
add address=37.188.159.174 list=Usnul-Admin
add address=103.244.82.231 list=Usnul-Admin
# Masters: sources accepted by the last forward rule of the filter table.
add address=78.102.147.169 list=Masters
add address=104.18.60.150 list=Masters
# Ranges tagged "cloudflare" by the comment on the first entry; presumably the
# whole run below is the same provider's published ranges - verify against the
# provider's current list, since a stale copy silently changes who is exempt.
add address=103.21.244.0/22 comment=cloudflare list=enabla-ip-dst
add address=103.22.200.0/22 list=enabla-ip-dst
add address=103.31.4.0/22 list=enabla-ip-dst
add address=104.16.0.0/12 list=enabla-ip-dst
add address=108.162.192.0/18 list=enabla-ip-dst
add address=172.64.0.0/13 list=enabla-ip-dst
add address=188.114.96.0/20 list=enabla-ip-dst
add address=197.234.240.0/22 list=enabla-ip-dst
add address=162.158.0.0/15 list=enabla-ip-dst
add address=173.245.48.0/20 list=enabla-ip-dst
add address=141.101.64.0/18 list=enabla-ip-dst
# 131.0.72.0/22 appears twice: disabled in block-ip-dst here and active in
# enabla-ip-dst three lines below.
add address=131.0.72.0/22 disabled=yes list=block-ip-dst
add address=190.93.240.0/20 list=enabla-ip-dst
add address=198.41.128.0/17 list=enabla-ip-dst
add address=131.0.72.0/22 list=enabla-ip-dst
# CGCS-SECURE-IP: sources allowed to reach tcp/8291 on the router (input chain).
add address=82.208.37.33 list=CGCS-SECURE-IP
add address=46.13.55.186 list=CGCS-SECURE-IP
add address=84.242.100.107 list=CGCS-SECURE-IP
add address=84.242.100.109 list=CGCS-SECURE-IP
add address=62.141.29.254 list=CGCS-SECURE-IP
add address=62.141.30.139 list=CGCS-SECURE-IP
add address=82.208.44.193 list=CGCS-SECURE-IP
# Filter table. Rules are evaluated top to bottom per chain and the first
# matching accept/drop ends processing, so the order below is significant.
# NOTE(review): the forward chain shown here has no catch-all drop. A packet
# that matches none of the drop rules is forwarded by default policy, so the
# accept rules restrict nothing on their own - confirm whether a final
# forward drop exists outside this export.
# NOTE(review): in-bridge-port / out-bridge-port only match in the IP firewall
# when the bridge has use-ip-firewall enabled; the bridge settings are not
# part of this export - verify.
/ip firewall filter
# HTTPS to 77.78.97.220, uplink port -> server port, only for packets carrying
# the GEO_OK mark set in the mangle table.
add action=accept chain=forward dst-address=77.78.97.220 dst-port=443 \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
packet-mark=GEO_OK protocol=tcp
# Same rule for 77.78.97.219.
add action=accept chain=forward dst-address=77.78.97.219 dst-port=443 \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
packet-mark=GEO_OK protocol=tcp
# Drop forwarded DNS over UDP arriving from the uplink port.
add action=drop chain=forward dst-port=53 in-bridge-port=\
"E1-CASA uplink" protocol=udp
# Drop forwarded UDP to ports 389 and 636 (the LDAP port numbers), any direction.
add action=drop chain=forward dst-port=389,636 protocol=udp
# Drop forwarded UDP with source port 123 (the NTP port), any direction.
# NOTE(review): this also drops NTP replies destined for hosts behind the
# router - confirm that is intended.
add action=drop chain=forward protocol=udp src-port=123
# Drop by source list. NOTE(review): the list name here is block-ip, while the
# address-list section of this export only defines block-ip-dst - check that
# block-ip exists, otherwise this rule never matches.
add action=drop chain=forward comment="drop dle seznamu src" \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
src-address-list=block-ip
# Drop forwarded DNS over TCP arriving from the uplink port.
add action=drop chain=forward dst-port=53 in-bridge-port=\
"E1-CASA uplink" protocol=tcp
# Drop traffic to destinations in block-ip-dst unless the source is in
# enabla-ip-dst. All block-ip-dst entries in this export are disabled.
add action=drop chain=forward comment="drop dle seznamu dst" \
dst-address-list=block-ip-dst in-bridge-port="E1-CASA uplink" \
out-bridge-port=E2-SERVER src-address-list=!enabla-ip-dst
# Per-service accepts, each limited to GEO_OK-marked packets from the uplink
# port to the server port.
add action=accept chain=forward comment="web na 77.78.97.220" \
dst-address=77.78.97.220 dst-port=80 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="arma na 77.78.97.212" \
dst-address=77.78.97.212 dst-port=2302 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
# Three rules for 77.78.97.211: tcp/10011, tcp/30033 and udp/9987
# (presumably a TeamSpeak server, going by the rule comments).
add action=accept chain=forward comment="tsna 77.78.97.211" \
dst-address=77.78.97.211 dst-port=10011 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
dst-address=77.78.97.211 dst-port=30033 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
dst-address=77.78.97.211 dst-port=9987 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=udp
# Router management: tcp/8291 (Winbox) only from the two admin lists.
add action=accept chain=input comment="CGCS pro spravu" dst-port=8291 \
protocol=tcp src-address-list=CGCS-SECURE-IP
add action=accept chain=input comment="Usnul admin" dst-port=8291 \
protocol=tcp src-address-list=Usnul-Admin
# Accepts every protocol and port to the router itself from one address.
# NOTE(review): broader than the two rules above - consider narrowing it to
# the management ports actually needed.
add action=accept chain=input comment="povoleni full access z home" \
src-address=46.13.55.186
# Stateful accepts. They sit after the per-port rules, so packets of
# established connections are first compared against every rule above.
add action=accept chain=forward comment="related established" \
connection-state=established,related
add action=accept chain=input comment="related, established accept" \
connection-state=established,related
# Input default drop, limited to packets that entered through the uplink
# bridge port; input arriving on other ports is not dropped by this rule.
add action=drop chain=input comment="default rule" in-bridge-port=\
"E1-CASA uplink"
# NOTE(review): as the last forward rule with no drop after it in this export,
# this accept does not change the outcome for any packet - verify intent.
add action=accept chain=forward src-address-list=Masters
# Mangle table: tags forwarded packets with packet mark GEO_OK when the source
# address is in one of the address lists named below (two-letter names,
# presumably per-country lists). The filter accepts that carry
# packet-mark=GEO_OK depend on these rules.
# NOTE(review): none of these lists (AM, UA, RU, ...) appears in the
# address-list section of this export. If they are missing or empty, no packet
# is marked and the GEO_OK accept rules never match - verify that they are
# populated.
# passthrough=yes lets a marked packet continue to the following mangle rules;
# every rule sets the same mark, so the result is the same whichever matches.
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=AM
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=UA
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=RU
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=LV
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=KZ
# NOTE(review): exact duplicate of the previous KZ rule; possibly another list
# was intended here - confirm.
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=KZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=IL
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=GE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=EE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=DE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=CZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=BY
# NAT table.
/ip firewall nat
# Source NAT for 192.168.145.0/24 leaving through bridge1.
add action=masquerade chain=srcnat out-interface=bridge1 src-address=\
192.168.145.0/24
# Disabled rule. It would rewrite tcp/443 for 77.78.97.220 to the same address
# and the same port, so it would leave the destination unchanged even if
# enabled. The filter rules above match 77.78.97.220 directly as dst-address.
add action=dst-nat chain=dstnat disabled=yes dst-address=77.78.97.220 \
dst-port=443 in-interface=bridge1 protocol=tcp to-addresses=\
77.78.97.220 to-ports=443
www-ssl отключен