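❶ In ROS, how can the firewall reject connections initiated from the external network while allowing the internal network to connect to the external network?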

/ip firewall filter add action=accept chain=input connection-state=established disabled=no
/ip firewall filter add action=accept chain=input connection-state=related disabled=no
/ip firewall filter add action=drop chain=input disabled=no dst-port=!8291,80,5843,22 in-interface=WAN protocol=tcp
=========================================
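Three lines in total.
Lines 1 and 2 allow connections initiated from the internal network to pass.
Line 3 blocks external access to everything except the specified ports.
interface=the name of your external (WAN) network interface
dst-port=!write the ports you want to open here.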

By the way, I have nothing but scorn for the recommended answer.
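
As an added illustration (not part of the original answer, and Python rather than RouterOS code), this simplified model evaluates the three input-chain rules above in order against constructed packets and reports which rule decides each one. It assumes that a packet matching no rule is accepted and that the interfaces are named WAN and LAN.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    in_interface: str  # "WAN" or "LAN" (assumed interface names)
    protocol: str      # "tcp" or "udp"
    dst_port: int
    state: str         # "new", "established" or "related"

# Ports listed after "dst-port=!" in the third rule of the answer
EXEMPT_PORTS = {8291, 80, 5843, 22}

def rule1(p):  # action=accept connection-state=established
    return "accept" if p.state == "established" else None

def rule2(p):  # action=accept connection-state=related
    return "accept" if p.state == "related" else None

def rule3(p):  # action=drop in-interface=WAN protocol=tcp dst-port=!<list>
    if p.in_interface == "WAN" and p.protocol == "tcp" and p.dst_port not in EXEMPT_PORTS:
        return "drop"
    return None

RULES = [rule1, rule2, rule3]

def evaluate(p):
    """Return (verdict, rule number); the number is None if no rule matched."""
    for number, rule in enumerate(RULES, start=1):
        verdict = rule(p)
        if verdict is not None:
            return verdict, number
    return "accept", None  # assumption: unmatched input traffic is accepted

# Constructed sample packets, not captured traffic
SAMPLES = [
    Packet("WAN", "tcp", 50000, "established"),  # reply on an existing connection
    Packet("WAN", "tcp", 23, "new"),             # unsolicited, port not listed
    Packet("WAN", "tcp", 8291, "new"),           # unsolicited, listed port
    Packet("WAN", "udp", 53, "new"),             # unsolicited, not TCP
    Packet("LAN", "tcp", 80, "new"),             # from the inside
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        verdict, number = evaluate(pkt)
        print(f"{pkt} -> {verdict} (rule {number or 'none, fell through'})")
```

The last three samples match none of the three rules, so their verdict comes from the fall-through assumption rather than from the rules themselves.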

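❷ How do I set up access from the external network to file sharing on the internal network behind ROS?

For FTP-style sharing, you can use port mapping (port 21).
For file sharing like that on a LAN, the only way is to connect through a VPN.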

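❸ ROS with multiple IPs on the same gateway: how to give the internal network a public IP

Assume 172.168.0.1-172.168.0.2 are your external IPs and 172.168.0.6 is your external gateway.
192.168.0.254 is your internal gateway.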
/ip address add address=192.168.0.254/255.255.255.0 interface=lan comment=lan
/ip dns set primary-dns=202.96.128.142 secondary-dns=202.96.128.143 allow-remote-requests=yes
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1472
/ip address add address=172.168.0.1/255.255.255.248 interface=wan comment="1"
/ip route add gateway=172.168.0.6 routing-mark=1 comment="1"
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1,0 action=mark-connection new-connection-mark=1 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=1 action=mark-routing new-routing-mark=1 passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=1 action=src-nat to-addresses=172.168.0.1 to-ports=0-65535 comment="1" disabled=no
/ip address add address=172.168.0.2/255.255.255.248 interface=wan comment="2"
/ip route add gateway=172.168.0.6 routing-mark=2 comment="2"
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1,1 action=mark-connection new-connection-mark=2 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=2 action=mark-routing new-routing-mark=2 passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=2 action=src-nat to-addresses=172.168.0.2 to-ports=0-65535 comment="2" disabled=no
/ip address add address=172.168.0.3/255.255.255.248 interface=wan comment="3"
/ip route add gateway=172.168.0.6 routing-mark=3 comment="3"
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1,2 action=mark-connection new-connection-mark=3 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=3 action=mark-routing new-routing-mark=3 passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=3 action=src-nat to-addresses=172.168.0.3 to-ports=0-65535 comment="3" disabled=no
/ip address add address=172.168.0.4/255.255.255.248 interface=wan comment="4"
/ip route add gateway=172.168.0.6 routing-mark=4 comment="4"
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1,3 action=mark-connection new-connection-mark=4 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=4 action=mark-routing new-routing-mark=4 passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=4 action=src-nat to-addresses=172.168.0.4 to-ports=0-65535 comment="4" disabled=no
/ip address add address=172.168.0.5/255.255.255.248 interface=wan comment="5"
/ip route add gateway=172.168.0.6 routing-mark=5 comment="5"
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1,4 action=mark-connection new-connection-mark=5 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=5 action=mark-routing new-routing-mark=5 passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=5 action=src-nat to-addresses=172.168.0.5 to-ports=0-65535 comment="5" disabled=no

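❹ ROS can ping the external network, but the internal network cannot get online; I have a static IP

You have not set up NAT (to do so, under IP - Firewall - NAT add a rule of type SNAT, then select masquerade under Action). It is also possible that the default route has not been added (under IP - Routes, set the destination address to 0.0.0.0 and the gateway to your ISP's gateway, then click OK; if you use PPPoE dial-up, tick "add default route" when creating the PPPoE client, which adds the default route). It is also best to check that DNS is set up properly (under IP - DNS click Settings, fill in your ISP's DNS addresses, then tick Allow Remote Requests). Original poster, please check the settings above first.

Woben Legion: helping others is our foundation; we make friends through it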

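❺ How does ROS map an internal server's port to a specified external IP?

Hello, the solution for RouterOS 2.9 and later is:
When adding the masquerade (IP masquerading) rule in the NAT section, write it like this: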

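General tab
Chain:srcnat
Src.address:192.168.1.0/24 (your internal IP range)
Leave everything else blank
Action tab
Action:masquerade

Key point: in the General tab, src.address must be your own network segment, for example 192.168.1.0/24. If you use the any address (0.0.0.0/0) or leave it blank, the problem above occurs, where everything turns into the internal gateway! Best wishes for the Year of the Ox.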