Wednesday, March 10, 2010

ip firewall nat

# Captured output of the NAT table. Rules are evaluated top to bottom in each chain.
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
# Rules 0-1: source-NAT per uplink. The connection marks satu/dua are assigned
# by the mangle table shown further down this page; each mark is pinned to one
# modem interface and one translated address.
# to-ports=0-65535 is the full port range, so it adds no restriction.
0 chain=srcnat out-interface=modem1 connection-mark=satu action=src-nat
to-addresses=192.168.1.2 to-ports=0-65535

1 chain=srcnat out-interface=modem2 connection-mark=dua action=src-nat
to-addresses=192.168.2.2 to-ports=0-65535

# Rule 2: every ICMP packet arriving on lokal is redirected to the router itself.
# ICMP has no ports, so to-ports=1 has nothing to act on here.
# NOTE(review): LAN pings to any destination would then be answered by the router,
# which hides whether the real target is reachable - confirm this is intended.
2 chain=dstnat in-interface=lokal protocol=icmp action=redirect to-ports=1

# Rules 3-4: all DNS (UDP and TCP port 53) is redirected to the router's own port 53.
# NOTE(review): unlike rule 2, these carry no in-interface match, so they also match
# DNS packets arriving on modem1/modem2. No filter table is shown on this page; if
# the router's resolver accepts remote requests (allow-remote-requests) and nothing
# in chain=input drops port 53 from the uplinks, the router answers DNS for whoever
# can reach it from that side (open resolver, usable for DNS amplification).
# Actual exposure depends on what sits upstream of the modems - verify.
# Safer form: add in-interface=lokal to both rules and drop UDP/TCP 53 in
# chain=input for the modem interfaces.
# Side effect on the LAN: clients cannot reach any DNS server other than the router,
# whatever resolver they are configured with.
3 chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53

4 chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53

ip firewall mangle

# Captured output of the mangle table. Rule order matters: a rule with
# passthrough=no ends processing of the packet in that chain.
ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
# Rules 0-3: new connections entering on lokal are split with nth between the
# connection marks satu and dua; each mark is then mapped to a routing mark of
# the same name. The srcnat rules in the NAT listing match on these marks.
# NOTE(review): the three-field nth=a,b,c form looks like the older RouterOS
# syntax (every,counter,packet) - confirm against the RouterOS version in use.
0 chain=prerouting in-interface=lokal connection-state=new nth=1,1,0
action=mark-connection new-connection-mark=satu passthrough=yes

# passthrough=no: packets of satu connections stop here and never reach the
# prerouting rules below (2-10).
1 chain=prerouting in-interface=lokal connection-mark=satu
action=mark-routing new-routing-mark=satu passthrough=no

2 chain=prerouting in-interface=lokal connection-state=new nth=1,1,1
action=mark-connection new-connection-mark=dua passthrough=yes

# NOTE(review): passthrough=yes here, but passthrough=no on rule 1. Packets of dua
# connections therefore continue into rules 4-10 while satu packets do not, so the
# ICMP/DNS marking below applies to only one of the two groups. Looks unintended;
# make the two rules agree.
3 chain=prerouting in-interface=lokal connection-mark=dua
action=mark-routing new-routing-mark=dua passthrough=yes

# Rules 4-6: ICMP from 192.168.3.0/24 gets connection mark ICMP-CM, packet mark
# ICMP-PM, and ToS min-delay.
# NOTE(review): a connection carries a single connection mark, so rule 4 replaces
# a dua mark set by rule 2. Rule 3 and the srcnat rule that match on
# connection-mark=dua then no longer match that connection - verify.
# The same applies to DNS-CM in rules 7-8.
4 chain=prerouting src-address=192.168.3.0/24 protocol=icmp
action=mark-connection new-connection-mark=ICMP-CM passthrough=yes

5 chain=prerouting connection-mark=ICMP-CM action=mark-packet
new-packet-mark=ICMP-PM passthrough=yes

6 chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay

# Rules 7-10: same pattern for DNS (TCP and UDP port 53) from 192.168.3.0/24:
# connection mark DNS-CM, packet mark DNS-PM, ToS min-delay.
7 chain=prerouting src-address=192.168.3.0/24 protocol=tcp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes

8 chain=prerouting src-address=192.168.3.0/24 protocol=udp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes

9 chain=prerouting connection-mark=DNS-CM action=mark-packet
new-packet-mark=DNS-PM passthrough=yes

10 chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

# Rules 11-12: forwarded traffic whose source and destination are both inside
# 192.168.3.0/24 is marked user-lokal (connection) and lokaltrafic (packet).
# NOTE(review): these only match if same-subnet traffic actually passes through
# the forward chain on this device - confirm.
# Nothing on this page consumes the packet marks ICMP-PM, DNS-PM or lokaltrafic;
# presumably queue rules not shown here use them.
11 chain=forward src-address=192.168.3.0/24 dst-address=192.168.3.0/24
action=mark-connection new-connection-mark=user-lokal passthrough=yes

12 chain=forward connection-mark=user-lokal action=mark-packet
new-packet-mark=lokaltrafic passthrough=yes