Iptables port forwarding to a specific host dd-wrt / tomato

2

I am trying to open ports 5060 and 5004 (UDP & TCP) to a specific internal IP (192.168.1.5), but I only want communication on those ports to be between the specific external host(s) and that internal IP, and to deny everything else to it. I have tried several rules, but they seem to either open the port to any external source or block everything. Here is my -vL output:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     anywhere             anywhere            state INVALID
   19  2811 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 shlimit    tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh state NEW
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    3   156 ACCEPT     all  --  br0    any     anywhere             anywhere
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp spt:bootps dpt:bootpc

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14  3744            all  --  any    any     anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
    0     0 ACCEPT     all  --  br0    br0     anywhere             anywhere
    0     0 DROP       all  --  any    any     anywhere             anywhere            state INVALID
    2   104 TCPMSS     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
   13  3692 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 wanin      all  --  vlan2  any     anywhere             anywhere
    1    52 wanout     all  --  any    vlan2   anywhere             anywhere
    1    52 ACCEPT     all  --  br0    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 18 packets, 9439 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain shlimit (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  any    any     anywhere             anywhere            recent: SET name: shlimit side: source
    0     0 DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             --hidden--           tcp dpt:8082
    0     0 ACCEPT     udp  --  any    any     anywhere             --hidden--           udp dpt:8082
    0     0 ACCEPT     udp  --  any    any     anywhere             --hidden--            udp dpt:1194
    0     0 ACCEPT     tcp  --  any    any     anywhere             --DEVICE--        tcp multiport dports sip,5004
    0     0 ACCEPT     udp  --  any    any     anywhere             --DEVICE--         udp multiport dports sip,5004
    0     0 ACCEPT     tcp  --  any    any     anywhere             --hidden--             tcp dpts:domain:3074
    0     0 ACCEPT     udp  --  any    any     anywhere             --hidden--            udp dpts:domain:3074

Chain wanout (1 references)
 pkts bytes target     prot opt in     out     source               destination

** DEVICE is the one I want to change (192.168.1.5)

    
by user1290757 12.01.2013 / 21:53

1 answer

1

dd-wrt and Tomato are two different systems; which one is it?

On the Tomato GUI screen, fill in the fields.

Proto: Both
Src Address: 99.99.99.99 (The specific external host.)
Ext Ports: 5060
Int Port: 5060
Int Address: 192.168.1.5

Repeat the steps above for port 5004.

Repeat the steps above for additional Src Addresses.


    
by 12.01.2013 / 22:39
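
As an added illustration of the source restriction described in the answer above (not part of the original posts, and not the firmware's own script): a shell script that prints, without applying them, iptables rules that forward ports 5060 and 5004 to 192.168.1.5 only for listed external hosts. The `wanin` chain and `vlan2` WAN interface come from the listing in the question; placing the DNAT rule in `nat PREROUTING` and the function names are assumptions.

```shell
#!/bin/sh
# Print (do not apply) source-restricted forwarding rules for one internal host.
# vlan2 and the wanin chain are taken from the -vL listing in the question;
# the nat PREROUTING placement is an assumption about the firmware's layout.
WAN_IF="vlan2"
INT_ADDR="192.168.1.5"
PORTS="5060,5004"

# Accept only a single dotted-quad host address. CIDR ranges, names and
# 0.0.0.0 are refused so a typo cannot reopen the ports to every source.
valid_src() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    [ "$1" != "0.0.0.0" ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit one DNAT rule and one filter rule per source and protocol.
# Nothing is printed if any source fails validation.
emit_rules() {
    [ "$#" -gt 0 ] || return 1
    for src in "$@"; do
        valid_src "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        for proto in udp tcp; do
            echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto -s $src -m multiport --dports $PORTS -j DNAT --to-destination $INT_ADDR"
            echo "iptables -A wanin -p $proto -s $src -d $INT_ADDR -m multiport --dports $PORTS -j ACCEPT"
        done
    done
}

# Constructed sample: the source address used in the answer above.
emit_rules 99.99.99.99
```

Rules like these only narrow access once the existing `wanin` ACCEPT entries for the device with source `anywhere` are removed; otherwise those entries still admit any source.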