I've already disabled both h323 and SIP.
Code:
Flags: X - disabled, I - invalid
# NAME PORTS
0 X ftp 21
1 X tftp 69
2 X irc 6667
3 X h323
4 X sip 5060, 5061
5 pptp
Code:
chain=dstnat action=dst-nat to-addresses=192.168.0.163 protocol=udp dst-address=81.x.x.114 src-port=16384-32766
Code:
Flags: X - disabled, I - invalid, D - dynamic
1 ;;; VPN PC
chain=srcnat action=src-nat to-addresses=81.x.x.126 src-address-list=VPN-PC out-interface=eth12-BT
2 ;;; Assign IP 81.x.x.114 to Office
chain=srcnat action=src-nat to-addresses=81.x.x.114 src-address=192.168.0.0/24 out-interface=eth12-BT
3 ;;; HairPin
chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=192.168.0.0/24
4 ;;; NAT Redirect Port - JABBER
chain=dstnat action=dst-nat to-addresses=192.168.0.7 to-ports=5222-5225 protocol=tcp dst-address=81.x.x.115 src-port="" dst-port=5222-5225
5 ;;; NAT Incoming Port 1723 TCP - PPTP VPN
chain=dstnat action=dst-nat to-addresses=192.168.0.7 to-ports=1723 protocol=tcp dst-address=81.x.x.114 dst-port=1723
6 ;;; NAT Incoming Port 500 UDP - PPTP VPN
chain=dstnat action=dst-nat to-addresses=192.168.0.7 to-ports=500 protocol=udp dst-address=81.x.x.114 dst-port=500
7 ;;; SIP Phone Stuff
chain=dstnat action=dst-nat to-addresses=192.168.0.121 to-ports=5060-7089 protocol=udp dst-address=81.x.x114 dst-port=5060,7070-7089
8 chain=dstnat action=dst-nat to-addresses=192.168.0.163 protocol=udp dst-address=81.x.x.114 src-port=16384-32766
Code:
0 ;;; allow established connections / related connections
chain=forward action=accept connection-state=established
1 chain=forward action=accept connection-state=related
2 ;;; Bypass WEB BLOCK - PC
chain=forward action=accept src-address=192.168.0.108
3 ;;; Bypass WEB BLOCK - PC
chain=forward action=accept src-address=192.168.0.77 layer7-protocol=Facebook
4 ;;; Bypass WEB BLOCK - PC
chain=forward action=accept src-address=192.168.0.134 layer7-protocol=Facebook
5 chain=forward action=accept src-address=192.168.0.168
7 ;;; Enable GRE - PPTP VPN
chain=forward action=accept protocol=gre in-interface=eth12-BT
8 ;;; VPN2
chain=forward action=accept src-address=192.168.0.7 out-interface=eth12-BT
9 ;;; Block PROXY from outside
chain=input action=drop protocol=tcp in-interface=eth12-BT dst-port=8080
10 ;;; Blocks BANNED sites - All Users on Network
chain=forward action=drop src-address=192.168.0.0/24 layer7-protocol=AllSocialSites
11 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid
Any help / advice?