ПОЖАЛУЙСТА, помогите... Мне нужно перенаправить соединения на наш публичный мобильный сайт на внутренний веб-сервер, при этом порты должны меняться в зависимости от сети, из которой идет трафик:
- eth1 на 802
- eth1.2 на 802
- eth1.3 на 803
- eth1.4 на 804
Через GUI это сделать нельзя, поэтому я настроил весь файрвол, проброс портов и применил правки через CLI:
configureset service nat rule 50 description "OranaWiFi to Webserver"
set service nat rule 50 type destination
set service nat rule 50 inbound-interface eth1.2
set service nat rule 50 destination address 138.128.191.146
set service nat rule 50 destination port 80
set service nat rule 50 inside-address address 192.168.1.250
set service nat rule 50 inside-address port 802
set service nat rule 50 protocol tcp
set service nat rule 51 description "SchoolWiFi1 to Webserver"
set service nat rule 51 type destination
set service nat rule 51 inbound-interface eth1.3
set service nat rule 51 destination address 138.128.191.146
set service nat rule 51 destination port 80
set service nat rule 51 inside-address address 192.168.1.250
set service nat rule 51 inside-address port 803
set service nat rule 51 protocol tcp
set service nat rule 52 description "SchoolWiFi2 to Webserver"
set service nat rule 52 type destination
set service nat rule 52 inbound-interface eth1.4
set service nat rule 52 destination address 138.128.191.146
set service nat rule 52 destination port 80
set service nat rule 52 inside-address address 192.168.1.250
set service nat rule 52 inside-address port 804
set service nat rule 52 protocol tcp
set service nat rule 53 description "OranaNet to Webserver"
set service nat rule 53 type destination
set service nat rule 53 inbound-interface eth1
set service nat rule 53 destination address 138.128.191.146
set service nat rule 53 destination port 80
set service nat rule 53 inside-address address 192.168.1.250
set service nat rule 53 inside-address port 802
set service nat rule 53 protocol tcp
set service nat rule 5001 type source
set service nat rule 5001 source address 192.168.1.250
set service nat rule 5001 outbound-interface eth1
set service nat rule 5001 outside-address address 138.128.191.146
commit;
save;
exit
НО это не работает!
- eth1 на 802
- eth1.2 на 802
- eth1.3 на 803
- eth1.4 на 804
Через GUI это сделать нельзя, поэтому я настроил весь файрвол, проброс портов и применил правки через CLI:
configureset service nat rule 50 description "OranaWiFi to Webserver"
set service nat rule 50 type destination
set service nat rule 50 inbound-interface eth1.2
set service nat rule 50 destination address 138.128.191.146
set service nat rule 50 destination port 80
set service nat rule 50 inside-address address 192.168.1.250
set service nat rule 50 inside-address port 802
set service nat rule 50 protocol tcp
set service nat rule 51 description "SchoolWiFi1 to Webserver"
set service nat rule 51 type destination
set service nat rule 51 inbound-interface eth1.3
set service nat rule 51 destination address 138.128.191.146
set service nat rule 51 destination port 80
set service nat rule 51 inside-address address 192.168.1.250
set service nat rule 51 inside-address port 803
set service nat rule 51 protocol tcp
set service nat rule 52 description "SchoolWiFi2 to Webserver"
set service nat rule 52 type destination
set service nat rule 52 inbound-interface eth1.4
set service nat rule 52 destination address 138.128.191.146
set service nat rule 52 destination port 80
set service nat rule 52 inside-address address 192.168.1.250
set service nat rule 52 inside-address port 804
set service nat rule 52 protocol tcp
set service nat rule 53 description "OranaNet to Webserver"
set service nat rule 53 type destination
set service nat rule 53 inbound-interface eth1
set service nat rule 53 destination address 138.128.191.146
set service nat rule 53 destination port 80
set service nat rule 53 inside-address address 192.168.1.250
set service nat rule 53 inside-address port 802
set service nat rule 53 protocol tcp
set service nat rule 5001 type source
set service nat rule 5001 source address 192.168.1.250
set service nat rule 5001 outbound-interface eth1
set service nat rule 5001 outside-address address 138.128.191.146
commit;
save;
exit
НО это не работает!