а не регался потому из-за двух NAT
1 192.168.192.1 (192.168.192.1) 0.289 ms 0.373 ms 0.444 ms
2 10.0.0.2 (10.0.0.2) 1.778 ms 2.158 ms 2.579 ms
Elastix 2.3.0 настройка sip.tenet.ua
Re: Elastix 2.3.0 настройка sip.tenet.ua
я не могу понять откуда 10.0.0.2 взялся? я ничего подобного в астере не настраивал. это кстати не может быть случайно прозрачный web proxy микротика т.к. он поднят для работников чтобы они не лазили куда не надо? хотя через прокси только 80 порт TCP проходит. остальное на него не перенаправляется
Re: Elastix 2.3.0 настройка sip.tenet.ua
10.0.0.2 это адрес роутера провайдера, надо будет позвонить и раздолбать.
Re: Elastix 2.3.0 настройка sip.tenet.ua
Отключаю резервный канал и оставляю только основной 78.111.X.X. Астериск на тенете не регистрируется. Запускаю x-lite на компе из той же подсети за тем же роутером и спокойно регистрируюсь и звоню. В чём тут может быть дело?
Re: Elastix 2.3.0 настройка sip.tenet.ua
У вас на микротике тьма средств для анализа ситуации.
Можно в файрволе правило создать которое будет вести лог пакетов и в логе смотреть что куда идет.
Есть Torch показывающий в реалтайме что куда идет.
Есть снифер где тоже можно написать правила позволящие более внимательно изучить ситуацию...
И т.д.
Проблема похоже в маршрутизации. Значит и решать ее с помощью маршрутизатора.
Выложите под спойлер вывод команд с роутера
Может что-то увидится.
Ну и скажите заодно как у вас организован переход основной/запасной канал.
Можно в файрволе правило создать которое будет вести лог пакетов и в логе смотреть что куда идет.
Есть Torch показывающий в реалтайме что куда идет.
Есть снифер где тоже можно написать правила позволящие более внимательно изучить ситуацию...
И т.д.
Проблема похоже в маршрутизации. Значит и решать ее с помощью маршрутизатора.
Выложите под спойлер вывод команд с роутера
Код: Выделить всё
interface export
ip address export
ip route export
ip firewall nat exportНу и скажите заодно как у вас организован переход основной/запасной канал.
Re: Elastix 2.3.0 настройка sip.tenet.ua
interface export
ip address export
ip route export
ip firewall nat export
Астер находится на 192.168.192.253. Роутер достался в наследство, его настройкой занимался другой человек. Я только прокси сделал, пробросил несколько нужных мне портов и реализовал фильтрацию по макам.
PRIME_BBCODE_SPOILER_SHOW PRIME_BBCODE_SPOILER:
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:41 \
master-port=none mtu=1500 name=717-99 speed=1Gbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:42 \
master-port=none mtu=1500 name=ether1 speed=1Gbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:43 \
master-port=none mtu=1480 name=Wi-Fi speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:44 \
master-port=none mtu=1500 name="ether4 (ATV)" speed=1Gbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:45 \
master-port=none mtu=1500 name=ether5 speed=100Mbps
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:46 \
master-port=none mtu=1500 name=ether6 speed=100Mbps
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:47 \
master-port=none mtu=1500 name=ether7 speed=100Mbps
set 7 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:48 \
master-port=none mtu=1500 name=ether8 speed=100Mbps
set 8 arp=reply-only auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:49 \
master-port=none mtu=1500 name=9...Office speed=100Mbps
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=717-99 max-mru=1480 max-mtu=1480 \
mrru=disabled name=XXXXXXX password=XXXXXXXX profile=default \
service-name="" use-peer-dns=yes user=XXXXXXXX@dsl.ukrtel.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=yes disabled=no interface="ether4 (ATV)" max-mru=1480 \
max-mtu=1480 mrru=disabled name=XXXX password=XXXXXXX profile=default \
service-name=xxxx use-peer-dns=yes user=xxx
/interface pptp-server
add disabled=no name=pptp-salgani_to_zatoka user=salgani_to_zatoka
add disabled=no name=pptp-salgani_to_zatoka_backup user=\
salgani_to_zatoka_backup
add disabled=no name=pptp-tc-ruta_to_zatoka user=tc-ruta_to_zatoka
add disabled=no name=pptp-tc-ruta_to_zatoka_backup user=\
tc-ruta_to_zatoka_backup
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
set 1 mirror-source=none mirror-target=none name=switch2
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" eap-methods=passthrough \
group-ciphers="" group-key-update=5m interim-update=0s \
management-protection=disabled management-protection-key="" mode=none \
name=default radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
set 5 vlan-header=leave-as-is vlan-mode=fallback
set 6 vlan-header=leave-as-is vlan-mode=fallback
set 7 vlan-header=leave-as-is vlan-mode=fallback
set 8 vlan-header=leave-as-is vlan-mode=fallback
set 9 vlan-header=leave-as-is vlan-mode=fallback
set 10 vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:42:14:4E:7F:7C \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
yes interface=717-99 keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
max-sessions=0 mrru=disabled one-session-per-host=no service-name=\
service1
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default-encryption enabled=yes keepalive-timeout=60 max-mru=1500 max-mtu=\
1500 mrru=disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:41 \
master-port=none mtu=1500 name=717-99 speed=1Gbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:42 \
master-port=none mtu=1500 name=ether1 speed=1Gbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:43 \
master-port=none mtu=1480 name=Wi-Fi speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:44 \
master-port=none mtu=1500 name="ether4 (ATV)" speed=1Gbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:45 \
master-port=none mtu=1500 name=ether5 speed=100Mbps
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:46 \
master-port=none mtu=1500 name=ether6 speed=100Mbps
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:47 \
master-port=none mtu=1500 name=ether7 speed=100Mbps
set 7 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:48 \
master-port=none mtu=1500 name=ether8 speed=100Mbps
set 8 arp=reply-only auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:A8:BC:49 \
master-port=none mtu=1500 name=9...Office speed=100Mbps
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=717-99 max-mru=1480 max-mtu=1480 \
mrru=disabled name=XXXXXXX password=XXXXXXXX profile=default \
service-name="" use-peer-dns=yes user=XXXXXXXX@dsl.ukrtel.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=yes disabled=no interface="ether4 (ATV)" max-mru=1480 \
max-mtu=1480 mrru=disabled name=XXXX password=XXXXXXX profile=default \
service-name=xxxx use-peer-dns=yes user=xxx
/interface pptp-server
add disabled=no name=pptp-salgani_to_zatoka user=salgani_to_zatoka
add disabled=no name=pptp-salgani_to_zatoka_backup user=\
salgani_to_zatoka_backup
add disabled=no name=pptp-tc-ruta_to_zatoka user=tc-ruta_to_zatoka
add disabled=no name=pptp-tc-ruta_to_zatoka_backup user=\
tc-ruta_to_zatoka_backup
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
set 1 mirror-source=none mirror-target=none name=switch2
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" eap-methods=passthrough \
group-ciphers="" group-key-update=5m interim-update=0s \
management-protection=disabled management-protection-key="" mode=none \
name=default radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
set 5 vlan-header=leave-as-is vlan-mode=fallback
set 6 vlan-header=leave-as-is vlan-mode=fallback
set 7 vlan-header=leave-as-is vlan-mode=fallback
set 8 vlan-header=leave-as-is vlan-mode=fallback
set 9 vlan-header=leave-as-is vlan-mode=fallback
set 10 vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:42:14:4E:7F:7C \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
yes interface=717-99 keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
max-sessions=0 mrru=disabled one-session-per-host=no service-name=\
service1
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default-encryption enabled=yes keepalive-timeout=60 max-mru=1500 max-mtu=\
1500 mrru=disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
PRIME_BBCODE_SPOILER_SHOW PRIME_BBCODE_SPOILER:
/ip address
add address=192.168.192.1/24 disabled=no interface=9...Office network=192.168.192.0
add address=192.168.2.1/24 disabled=no interface=Wi-Fi network=192.168.2.0
add address=192.168.192.1/24 disabled=no interface=9...Office network=192.168.192.0
add address=192.168.2.1/24 disabled=no interface=Wi-Fi network=192.168.2.0
PRIME_BBCODE_SPOILER_SHOW PRIME_BBCODE_SPOILER:
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=717-99 routing-mark=adsl_routing scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 routing-mark=for_WiFi scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 routing-mark=wifi scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=Atv routing-mark=atv_routing scope=30 target-scope=10
add comment=gw1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Atv scope=10 target-scope=10
add comment=gw2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 scope=10 target-scope=10
add comment="ADSL for OFFICE (reserve)" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 scope=30 target-scope=10
add comment="Google DNS1" disabled=no distance=1 dst-address=8.8.4.4/32 gateway=adsl71-799 scope=30 target-scope=10
add comment="Google DNS2" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=Atv scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=192.168.193.0/24 gateway=10.18.28.2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=192.168.193.0/24 gateway=10.19.29.2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=192.168.194.0/24 gateway=10.18.28.6 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=192.168.194.0/24 gateway=10.19.29.6 scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=717-99 routing-mark=adsl_routing scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 routing-mark=for_WiFi scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 routing-mark=wifi scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=Atv routing-mark=atv_routing scope=30 target-scope=10
add comment=gw1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Atv scope=10 target-scope=10
add comment=gw2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 scope=10 target-scope=10
add comment="ADSL for OFFICE (reserve)" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=adsl71-799 scope=30 target-scope=10
add comment="Google DNS1" disabled=no distance=1 dst-address=8.8.4.4/32 gateway=adsl71-799 scope=30 target-scope=10
add comment="Google DNS2" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=Atv scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=192.168.193.0/24 gateway=10.18.28.2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=192.168.193.0/24 gateway=10.19.29.2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=192.168.194.0/24 gateway=10.18.28.6 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=192.168.194.0/24 gateway=10.19.29.6 scope=30 target-scope=10
PRIME_BBCODE_SPOILER_SHOW PRIME_BBCODE_SPOILER:
/ip firewall nat
add action=dst-nat chain=dstnat comment=Mikrotik disabled=no dst-address=78.111.X.X dst-port=8291 protocol=tcp to-addresses=192.168.192.1 to-ports=8291
add action=redirect chain=dstnat comment=Proxy disabled=no dst-port=80 protocol=tcp src-address=192.168.192.0/24 to-ports=8085
add action=masquerade chain=srcnat disabled=no out-interface=adsl71-799 src-address=192.168.2.0/24
add action=masquerade chain=srcnat disabled=no src-address=10.19.29.0/24
add action=masquerade chain=srcnat disabled=no src-address=10.18.28.0/24
add action=masquerade chain=srcnat disabled=no out-interface=adsl71-799 src-address=192.168.192.0/24 to-addresses=78.111.X.X
add action=masquerade chain=srcnat disabled=no out-interface=Atv src-address=192.168.192.0/24 to-addresses=78.111.X.X
add action=dst-nat chain=dstnat comment="SSH Asterisk" disabled=no dst-address=78.111.X.X dst-port=22 protocol=tcp src-address=193.169.X.X to-addresses=192.168.192.253 to-ports=22
add action=dst-nat chain=dstnat comment="Exclude admin's home IP for RDP" disabled=no dst-address=78.111.X.X dst-port=3389 protocol=tcp src-address=193.169.X.X to-addresses=192.168.192.15 to-ports=3389
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=10000-20000 protocol=udp to-addresses=192.168.192.253 to-ports=10000-20000
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=10000-20000 protocol=udp to-addresses=192.168.192.253 to-ports=10000-20000
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=3389 protocol=tcp src-address=31.28.161.33 to-addresses=192.168.192.15 to-ports=3389
add action=dst-nat chain=dstnat comment="Webcam Web" disabled=no dst-address=78.111.X.X dst-port=88 protocol=tcp to-addresses=192.168.192.6 to-ports=80
add action=dst-nat chain=dstnat comment="Webcam Web" disabled=no dst-address=82.207.X.X dst-port=88 protocol=tcp to-addresses=192.168.192.6 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=21 protocol=tcp to-addresses=192.168.192.15 to-ports=21
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=2222 protocol=tcp to-addresses=192.168.192.253 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=443 protocol=tcp to-addresses=192.168.192.15 to-ports=443
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-address=82.207.X.X dst-port=8081 protocol=tcp to-addresses=192.168.192.4 to-ports=8081
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=8080 protocol=tcp to-addresses=192.168.192.3 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=80 protocol=tcp to-addresses=1.1.1.1 to-ports=40434
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-address=78.111.X.X dst-port=37777 protocol=tcp to-addresses=192.168.192.3 to-ports=37777
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=8080 protocol=tcp to-addresses=192.168.192.3 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=8081 protocol=tcp to-addresses=192.168.192.4 to-ports=8081
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=8081 protocol=tcp to-addresses=192.168.192.4 to-ports=8081
add action=dst-nat chain=dstnat comment=DVR_RESTAURANT disabled=no dst-address=78.111.X.X dst-port=37778 protocol=tcp to-addresses=192.168.192.4 to-ports=37777
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=8085 protocol=tcp src-address=193.169.X.X to-addresses=192.168.192.253 to-ports=80
add action=dst-nat chain=dstnat comment=Mikrotik disabled=no dst-address=78.111.X.X dst-port=8291 protocol=tcp to-addresses=192.168.192.1 to-ports=8291
add action=redirect chain=dstnat comment=Proxy disabled=no dst-port=80 protocol=tcp src-address=192.168.192.0/24 to-ports=8085
add action=masquerade chain=srcnat disabled=no out-interface=adsl71-799 src-address=192.168.2.0/24
add action=masquerade chain=srcnat disabled=no src-address=10.19.29.0/24
add action=masquerade chain=srcnat disabled=no src-address=10.18.28.0/24
add action=masquerade chain=srcnat disabled=no out-interface=adsl71-799 src-address=192.168.192.0/24 to-addresses=78.111.X.X
add action=masquerade chain=srcnat disabled=no out-interface=Atv src-address=192.168.192.0/24 to-addresses=78.111.X.X
add action=dst-nat chain=dstnat comment="SSH Asterisk" disabled=no dst-address=78.111.X.X dst-port=22 protocol=tcp src-address=193.169.X.X to-addresses=192.168.192.253 to-ports=22
add action=dst-nat chain=dstnat comment="Exclude admin's home IP for RDP" disabled=no dst-address=78.111.X.X dst-port=3389 protocol=tcp src-address=193.169.X.X to-addresses=192.168.192.15 to-ports=3389
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=10000-20000 protocol=udp to-addresses=192.168.192.253 to-ports=10000-20000
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=10000-20000 protocol=udp to-addresses=192.168.192.253 to-ports=10000-20000
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=3389 protocol=tcp src-address=31.28.161.33 to-addresses=192.168.192.15 to-ports=3389
add action=dst-nat chain=dstnat comment="Webcam Web" disabled=no dst-address=78.111.X.X dst-port=88 protocol=tcp to-addresses=192.168.192.6 to-ports=80
add action=dst-nat chain=dstnat comment="Webcam Web" disabled=no dst-address=82.207.X.X dst-port=88 protocol=tcp to-addresses=192.168.192.6 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=21 protocol=tcp to-addresses=192.168.192.15 to-ports=21
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=2222 protocol=tcp to-addresses=192.168.192.253 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=443 protocol=tcp to-addresses=192.168.192.15 to-ports=443
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-address=82.207.X.X dst-port=8081 protocol=tcp to-addresses=192.168.192.4 to-ports=8081
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=8080 protocol=tcp to-addresses=192.168.192.3 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=80 protocol=tcp to-addresses=1.1.1.1 to-ports=40434
add action=dst-nat chain=dstnat comment=DVR disabled=no dst-address=78.111.X.X dst-port=37777 protocol=tcp to-addresses=192.168.192.3 to-ports=37777
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=8080 protocol=tcp to-addresses=192.168.192.3 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=82.207.X.X dst-port=8081 protocol=tcp to-addresses=192.168.192.4 to-ports=8081
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=8081 protocol=tcp to-addresses=192.168.192.4 to-ports=8081
add action=dst-nat chain=dstnat comment=DVR_RESTAURANT disabled=no dst-address=78.111.X.X dst-port=37778 protocol=tcp to-addresses=192.168.192.4 to-ports=37777
add action=dst-nat chain=dstnat disabled=no dst-address=78.111.X.X dst-port=8085 protocol=tcp src-address=193.169.X.X to-addresses=192.168.192.253 to-ports=80
Последний раз редактировалось dlj87 19 сен 2012, 21:11, всего редактировалось 2 раза.
Re: Elastix 2.3.0 настройка sip.tenet.ua
5060 не проброшен
астериск просит отправлят ответы на 5060
для роутера на этом порту сессия не поднята - пакет дропается
астериск просит отправлят ответы на 5060
для роутера на этом порту сессия не поднята - пакет дропается
ЛС: @rostel
Re: Elastix 2.3.0 настройка sip.tenet.ua
эт как же оно работает с софтфона тогда или на резервном канале с Астера? я кстати пробрасывал этот порт и бестолку. к тому же по этому правилу вообще пакеты не шли ни грама. да и насколько мне известно, в микротике разрешается входящий трафик для соединений, которые были инициированы изнутри
Re: Elastix 2.3.0 настройка sip.tenet.ua
тогда убрать пробросы
nat=no
externip и localnet закоментить
тогда поведение астериска должно быть аналогично софтфону
nat=no
externip и localnet закоментить
тогда поведение астериска должно быть аналогично софтфону
ЛС: @rostel
Re: Elastix 2.3.0 настройка sip.tenet.ua
не помогло. ни пира ни регистрации
