Code: Select all
/ip firewall filter
add action=accept chain=forward connection-nat-state=dstnat connection-state=established,related,new in-interface=ether1 \
src-address=0.0.0.0
add action=accept chain=input connection-state=established,related,new in-interface=ether1 src-address=0.0.0.0
add action=accept chain=input icmp-options=8:0-255 protocol=icmp
add action=jump chain=input jump-target=icmp protocol=icmp
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat in-interface-list=WAN port=80 protocol=tcp to-addresses=192.168.10.25
add action=dst-nat chain=dstnat in-interface-list=WAN port=80 protocol=udp to-addresses=192.168.10.25
add action=dst-nat chain=dstnat comment=web dst-port=80 in-interface-list=WAN log=yes log-prefix=web protocol=tcp to-addresses=\
192.168.10.25 to-ports=80