Uradi kako ti je predložio Peđa. Ukoliko ne želiš to da probaš prebaci pravilo
Code:
add action=dst-nat chain=dstnat dst-address=89.216.209.165 in-interface=ether1 protocol=tcp to-addresses=192.168.31.1 to-ports=50000-52000
da bude pretposlednje (ispred maskarade) jer u tvojoj konfiguraciji sve ispod nema smisla.
Pošto je u pitanju lanac akcija(karika), prva akcija(karika) je da se zahtevi ka portu 3389 preusmere na port 3389 , sledeća akcija(karika) je da se svi tcp zahtevi ka adresi 89.216.209.165 preusmere na lokalnu adresu 192.168.31.1 na portove 50000-52000
Sve ostalo u lancu ispod ove akcije(karike) preusmerava konekcije na lokalnu adresu 192.168.31.1 na portove 50000-52000
Probaj ovako da poređaš prvila za nat
Code:
ip firewall nat
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=3389 in-interface=ether1 protocol=tcp to-addresses=192.168.31.1 to-ports=3389
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=8101 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=8101
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=8102 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=8102
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=8103 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=8103
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=8104 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=8104
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=8105 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=8105
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9001 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9001
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9002 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9002
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9003 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9003
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9004 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9004
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9005 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9005
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9006 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9006
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9007 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9007
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9008 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9008
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9009 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9009
add action=dst-nat chain=dstnat dst-address=89.216.209.165 dst-port=9010 in-interface=ether1 protocol=tcp to-addresses=192.168.2.100 to-ports=9010
add action=dst-nat chain=dstnat dst-address=89.216.209.165 in-interface=ether1 protocol=tcp to-addresses=192.168.31.1 to-ports=50000-52000
add action=masquerade chain=srcnat out-interface=ether1
Teorija - to je kada znate sve, a ništa ne radi
Praksa - to je kada sve radi, a neznate zašto
Mi smo spojili teoriju i praksu - kod nas NIŠTA ne radi i NE ZNAMO zašto
ex YT1ENG
KN03XH-16DQ