Code: Select all
2 [admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=srcnat action=masquerade out-interface=ether2
2 chain=srcnat action=masquerade out-interface=ether1
3 ;;; blueiris tcp
chain=dstnat action=dst-nat to-addresses=10.1.10.151 to-ports=81 protocol=tcp in-interface-list=WAN dst-port=81 log=yes
log-prefix="blueiris"
4 ;;; blueiris udp
chain=dstnat action=dst-nat to-addresses=10.1.10.151 to-ports=81 protocol=udp in-interface-list=WAN dst-port=81 log=yes
log-prefix="blueiris"
[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
4 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
5 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
6 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
7 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
8 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related
9 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
10 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
11 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
12 chain=forward action=accept protocol=tcp dst-port=81
13 chain=forward action=accept protocol=udp dst-port=81
