Настройка MikroTik для работы Policom

Тема в разделе "Вопросы начинающих", создана пользователем Alekseu, 7 дек 2016.

  1. Alekseu

    Alekseu Новый участник

    Добрый день!
    Для корректной работы программы необходимо открыт следующие порты на роутерах: 1718 - Static UDP, 1719 - Static UDP, 1720 - Static TCP, 1731 - Static TCP 3220 - 3225 - TCP порты, 3230 - 3247 - UDP порты.
    В firewall были открыты разрешения и в firewall nat было выполнено переброс портов на нужную машину. Когда производим с этой машины вызовы по Policom работает и звук и видео, но при вызове этой машины извне идет вызов, но принять вызов невозможно кнопка принять вызов неактивна. Настраивал кто небуть работу Policom чрез микротик или в настройках допущена ошибка ?
    Устройство RouterOS 6.35 on CCR1009-8G-1S-1S+
    Policom использует протоколы H.323 и SIP

    /ip firewall filter
    add action=drop chain=input comment=BOGON in-interface=vlan1_Net_145 \
    src-address-list=BOGON
    add action=drop chain=forward src-address=192.168.0.32
    add chain=forward disabled=yes dst-address-list=open src-address=192.168.0.73
    add action=drop chain=forward disabled=yes src-address=192.168.0.73
    add action=drop chain=forward src-address=192.168.100.101-192.168.100.255
    add action=drop chain=forward src-address=192.168.100.5-192.168.100.49
    add action=drop chain=forward in-interface=ether2 out-interface=ether3
    add action=drop chain=forward in-interface=ether3 out-interface=ether2
    add chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \EF\E8\ED\E3\E8" \
    protocol=icmp
    add chain=forward protocol=icmp
    add chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \F3\F1\F2\E0\ED\EE\E2\EB\
    \E5\ED\ED\FB\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF" connection-state=\
    established
    add chain=forward connection-state=established
    add chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \F1\E2\FF\E7\E0\ED\ED\FB\
    \E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF" connection-state=related
    add chain=forward connection-state=related
    add chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \E2\F1\E5 \EF\EE\E4\EA\EB\
    \FE\F7\E5\ED\E8\FF \E8\E7 \ED\E0\F8\E5\E9 \EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\
    \E5\F2\E8" in-interface=!vlan1_Net_145 src-address=192.168.0.0/24
    add chain=input in-interface=!vlan1_Net_145 src-address=192.168.100.0/24
    add chain=forward comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \E2\F5\EE\E4\FF\F9\E8\
    \E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF \E4\EB\FF VipNet Kordinator" \
    disabled=yes dst-port=55777 in-interface=vlan1_Net_145 protocol=udp
    add chain=forward disabled=yes dst-port=2046 in-interface=vlan1_Net_145 \
    protocol=udp
    add chain=forward comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \E2\F5\EE\E4\FF\F9\E8\
    \E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF \E4\EB\FF \D1\D1\CC\CF" dst-port=\
    6502 in-interface=vlan1_Net_145 protocol=tcp
    add chain=forward dst-port=6502 in-interface=vlan1_Net_145 protocol=udp
    add chain=forward dst-port=6550 in-interface=vlan1_Net_145 protocol=tcp
    add chain=forward comment=Polycom dst-port=1718 in-interface=vlan1_Net_145 \
    protocol=udp
    add chain=forward dst-port=1719 in-interface=vlan1_Net_145 protocol=udp
    add chain=forward dst-port=1720 in-interface=vlan1_Net_145 protocol=tcp
    add chain=forward dst-port=1731 in-interface=vlan1_Net_145 protocol=tcp
    add chain=forward dst-port=3220-3225 in-interface=vlan1_Net_145 protocol=tcp
    add chain=forward dst-port=3230-3250 in-interface=vlan1_Net_145 protocol=udp

    add chain=input comment=OpenVPN dst-port=1194 in-interface=vlan1_Net_145 \
    protocol=tcp
    add chain=forward dst-address=192.168.0.0/24 src-address=192.168.140.0/24
    add chain=forward dst-address=192.168.100.0/24 src-address=192.168.140.0/24
    add chain=forward dst-address=192.168.140.0/24 src-address=192.168.0.0/24
    add chain=forward dst-address=192.168.140.0/24 src-address=192.168.100.0/24
    add chain=input comment=L2TP dst-port=1701 protocol=udp
    add chain=input dst-port=500 protocol=udp
    add chain=input dst-port=4500 protocol=udp
    add chain=input protocol=ipsec-esp
    add chain=forward dst-address=192.168.0.0/24 src-address=192.168.134.0/24
    add chain=forward dst-address=192.168.134.0/24 src-address=192.168.0.0/24
    add action=drop chain=input comment="\CE\E1\F0\F3\E1\E0\E5\EC \E8\ED\E2\E0\EB\
    \E8\E4\ED\FB\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF" connection-state=\
    invalid
    add action=drop chain=forward connection-state=invalid
    add action=drop chain=input comment="\CE\E1\F0\F3\E1\E0\E5\EC \E2\F1\E5 \EE\F1\
    \F2\E0\EB\FC\ED\FB\E5 \E2\F5\EE\E4\FF\F9\E8\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\
    \E8\FF" in-interface=vlan1_Net_145
    add chain=forward comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \E4\EE\F1\F2\F3\EF \E8\
    \E7 \EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\E5\F2\E8 \E2 \E8\ED\F2\E5\F0\ED\E5\F2" \
    in-interface=!vlan1_Net_145 out-interface=vlan1_Net_145
    add action=drop chain=forward comment="\CE\E1\F0\F3\E1\E0\E5\EC \E2\F1\E5 \EE\
    \F1\F2\E0\EB\FC\ED\FB\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF"
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=vlan1_Net_145
    add action=netmap chain=dstnat comment=\
    "VipNet Kordinator UDP 192.168.0.6: 55777" disabled=yes dst-port=55777 \
    in-interface=vlan1_Net_145 protocol=udp to-addresses=192.168.0.6 \
    to-ports=55777
    add action=netmap chain=dstnat comment=\
    "VipNet Kordinator UDP 192.168.0.6: 2046" disabled=yes dst-port=2046 \
    in-interface=vlan1_Net_145 protocol=udp to-addresses=192.168.0.6 \
    to-ports=2046
    add action=netmap chain=dstnat comment="\D1\D1\CC\CF TCP 192.168.0.171: 6502" \
    dst-port=6502 in-interface=vlan1_Net_145 protocol=tcp to-addresses=\
    192.168.0.171 to-ports=6502
    add action=netmap chain=dstnat comment="\D1\D1\CC\CF UDP 192.168.0.171: 6502" \
    dst-port=6502 in-interface=vlan1_Net_145 protocol=udp to-addresses=\
    192.168.0.171 to-ports=6502
    add action=netmap chain=dstnat comment="\D1\D1\CC\CF TCP 192.168.0.171: 6550" \
    dst-port=6550 in-interface=vlan1_Net_145 protocol=tcp to-addresses=\
    192.168.0.171 to-ports=6550
    add action=dst-nat chain=dstnat comment="Polycom 192.168.0.179" dst-port=1718 \
    in-interface=vlan1_Net_145 protocol=udp to-addresses=192.168.0.179 \
    to-ports=1718
    add action=dst-nat chain=dstnat dst-port=1719 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=1719
    add action=dst-nat chain=dstnat dst-port=1720 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=1720
    add action=dst-nat chain=dstnat dst-port=1731 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=1731
    add action=dst-nat chain=dstnat dst-port=3220 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=3220
    add action=dst-nat chain=dstnat dst-port=3221 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=3221
    add action=dst-nat chain=dstnat dst-port=3223 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=3223
    add action=dst-nat chain=dstnat dst-port=3224 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=3224
    add action=dst-nat chain=dstnat dst-port=3225 in-interface=vlan1_Net_145 \
    protocol=tcp to-addresses=192.168.0.179 to-ports=3225
    add action=dst-nat chain=dstnat dst-port=3230 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3230
    add action=dst-nat chain=dstnat dst-port=3231 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3231
    add action=dst-nat chain=dstnat dst-port=3232 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3232
    add action=dst-nat chain=dstnat dst-port=3233 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3233
    add action=dst-nat chain=dstnat dst-port=3234 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3234
    add action=dst-nat chain=dstnat dst-port=3235 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3235
    add action=dst-nat chain=dstnat dst-port=3236 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3236
    add action=dst-nat chain=dstnat dst-port=3237 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3237
    add action=dst-nat chain=dstnat dst-port=3238 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3238
    add action=dst-nat chain=dstnat dst-port=3239 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3239
    add action=dst-nat chain=dstnat dst-port=3240 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3240
    add action=dst-nat chain=dstnat dst-port=3241 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3241
    add action=dst-nat chain=dstnat dst-port=3242 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3242
    add action=dst-nat chain=dstnat dst-port=3243 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3243
    add action=dst-nat chain=dstnat dst-port=3244 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3244
    add action=dst-nat chain=dstnat dst-port=3245 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3245
    add action=dst-nat chain=dstnat dst-port=3246 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3246
    add action=dst-nat chain=dstnat dst-port=3247 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3247
    add action=dst-nat chain=dstnat dst-port=3248 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3248
    add action=dst-nat chain=dstnat dst-port=3249 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3249
    add action=dst-nat chain=dstnat dst-port=3250 in-interface=vlan1_Net_145 \
    protocol=udp to-addresses=192.168.0.179 to-ports=3250
     
  2. Илья Князев

    Илья Князев Администратор Команда форума

    Хелперы попробуйте отключить. На закладке /ip firewall service-port
     
  3. Alekseu

    Alekseu Новый участник

    Отключил их не помогло.....
    Дополнительно к отключению хелперов открыл дополнительно 80, 389, 1503 TCP тоже не помогло....
    Дополнительно к отключению хелперов и открытию портов дополнительных в Policom отключили SIP не помогло....
    Но после всех настроек которые были выполнены выше, 3230 - 3250 - UDP порты перевели в разряд TCP порты все заработало ...
    В общем что помогло не понятно экспериментировать уже не стали..