我在 Mac Mini 上运行 homeassistant 容器(防火墙已禁用)。我已添加端口转发,但无法从外部连接到它。内部运行正常。在日志中我确实发现了以下错误:

    dstnat: in:ether1 out:(unknown 0), src-mac XX:XX:XX:XX:XX:XX, proto TCP (SYN), 174.238.224.109:13647->XX.XXX.XX.XX1:8888, len 64

这是我的配置

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

 1    chain=dstnat action=dst-nat to-addresses=192.168.68.3 to-ports=80 protocol=tcp in-interface-list=WAN dst-port=9999 log=no log-prefix="" 

 2    chain=dstnat action=dst-nat to-addresses=192.168.68.3 to-ports=8081 protocol=tcp in-interface-list=WAN dst-port=8081 log=no log-prefix="" 

 3    chain=dstnat action=dst-nat to-addresses=192.168.68.3 to-ports=8082 protocol=tcp in-interface-list=WAN dst-port=8082 log=no log-prefix="" 

 4    chain=dstnat action=dst-nat to-addresses=192.168.68.3 to-ports=554 protocol=tcp in-interface-list=WAN dst-port=554 log=no log-prefix="" 

 5    chain=dstnat action=dst-nat to-addresses=192.168.68.5 to-ports=8123 protocol=tcp dst-port=8888 log=yes log-prefix="" 

 6    chain=srcnat action=masquerade out-interface=ether1 

 7    chain=srcnat action=masquerade out-interface=ether1 

/ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 2    chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=8888 

 3    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 4    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 5    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 

 6    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

 7    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec 

 8    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec 

 9    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related 

10    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked 

11    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

 /interface export
# sep/29/2024 12:57:51 by RouterOS 6.49.17
# software id = PVDI-3CC3
#
# model = RB760iGS
# serial number =
/interface bridge
add admin-mac=D4:01:C3:E3:FA:65 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN

/ip address export
# sep/29/2024 12:58:38 by RouterOS 6.49.17
# software id = PVDI-3CC3
#
# model = RB760iGS
# serial number =
/ip address
add address=192.168.68.1/22 comment=defconf interface=bridge network=\
    192.168.68.0

2

  • 为了让我们关联接口名称、地址和列表,请同时显示interface exportip address export


    – 

  • @NikitaKipriyanov 刚刚更新,感谢您查看。


    – 

0