I have connected IP camera in my local network and every think working fine.But I can"t access from internet(outside). I try meny tutorials how forward ports but not one of them working.My main router is RB450Gx4. I have static IP. Can enyone help me setup this??
Code: Select all
[admin@MikroTik] > export hide-sensitive
# aug/25/2021 09:02:38 by RouterOS 6.47.9
# software id = 5V87-V0VA
#
# model = RB450Gx4
# serial number = B8D00BDDF2C5
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=exdxhm6@integra
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.200-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/system logging action
set 3 remote=192.168.1.10
/user group
add name=ftp policy=ftp,read,!local,!telnet,!ssh,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=none
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0
/ip arp
add address=192.168.1.2 comment=openwrt_tp-link interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.3 comment=Q300_1 interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.4 comment=Q300_2 interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.10 comment=omv interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.5 comment=TP-Link interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.6 comment=toto_1 interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.7 comment=toto_2 interface=bridge mac-address=XX:XX:XX:XX:XX:XX
add address=192.168.1.98 comment=kamerka interface=bridge mac-address=XX:XX:XX:XX:XX:XX
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.1.10 comment=omv mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.50 comment=PS4 mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.52 client-id=1:XX:XX:XX:XX:XX:XX comment=LGwebOSTV mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.51 client-id=1:XX:XX:XX:XX:XX:XX comment=sylwek-MS-7A71 mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.56 client-id=1:XX:XX:XX:XX:XX:XX comment="DIXONS-JVC TV" mac-address=XX:XX:XX:XX:XX:XX server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=192.168.1.1 netmask=24
/ip dns
set servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward connection-nat-state=dstnat
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=51413 protocol=tcp to-addresses=192.168.1.10 to-ports=51413
add action=dst-nat chain=dstnat dst-port=51413 protocol=udp to-addresses=192.168.1.10 to-ports=51413
/ip service
set telnet disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system logging
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
/system ntp client
set enabled=yes primary-ntp=159.253.242.123 secondary-ntp=162.159.200.123
/system package update
set channel=long-term
/system scheduler
add interval=1h name=schedulerUpdateHoleCertDomains on-event=scriptUpdateHoleCertDomains policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=mar/23/2020 start-time=00:55:00
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN