

mikrotikvoip:mikrotik_voip_script

Ceci est une ancienne révision du document !


########################################################################
# VoIP Mikrotik script : symmetric NAT and firewall filter rules       #
# Author : G. HUSSON, Liberasys, 201904, contact_web _@_ liberasys.com #
# License : EUPL v1.2 - https://opensource.org/licenses/EUPL-1.2       #
# Prerequisites : preestablished firewall rules and masquerading       #
# HOWTO :                                                              #
#   - set variables corresponding to your installation                 #
#   - run the script                                                   #
#   - move the last two firewall filter rules to where they should     #
#     be                                                               #
########################################################################


# Script parameters (change them !!!!)
# Each ":global <name> <value>" line declares the variable and assigns it in
# one step. The addresses and interface names are sample values to replace.

# VoIP server on the LAN and the interface it is reached through
:global internalIp "192.168.0.10";
:global internalInterface "bridge-internal";

# Public address of the router and its Internet-facing interface
:global externalIp "1.2.3.4";
:global externalInterface "bridge-internet";

# Ports published to the Internet by the NAT and filter rules below.
# The web ports (HTTPS/HTTP) are part of the TCP list: remove them from the
# rules if the server's web interface must not be reachable from outside.
:global voipHttpsPort 443;
:global voipHttpPort 80;
:global voipSIPPort 5060;
# SIP over TLS is derived from the SIP port (SIP port + 1)
:global voipSIPsPort ($voipSIPPort + 1);
:global voipTunnelPort 5090;
# UDP port range used for media, written as "first-last"
:global voipMediaPort "9000-10999";

# Position in the NAT table before which the new NAT rules are inserted
:global initialNatRulesPosition 0;

# Clean previously defined rules
# Every rule created by this script carries the "(#VOIPscript)" marker in its
# comment, so a re-run starts by deleting the rules of the previous run.
# NOTE(review): "~" is a regular-expression match, so any other NAT or filter
# rule whose comment contains "#VOIPscript" is deleted too; do not reuse the
# marker on hand-written rules.
/ip firewall nat remove [ find comment ~ "(#VOIPscript)" ]
/ip firewall filter remove [ find comment ~ "(#VOIPscript)" ]

# Disable SIP ALG
# Turns off the router's SIP service-port helper; address translation for the
# VoIP server is then done only by the explicit NAT rules added below.
/ip firewall service-port disable sip

# set NAT rules
# Four rules are added: one inbound (dst-nat) and one outbound (src-nat) rule
# for TCP, then the same pair for UDP. All four are logged (log=yes) and are
# inserted with place-before=$initialNatRulesPosition.
# NOTE(review): every rule is inserted before the same position, so the final
# order is presumably the reverse of the order written here; check with
# "/ip firewall nat print" after the run.

# Inbound TCP: traffic arriving on the external interface for the public
# address is redirected to the VoIP server. No to-ports is given, so the
# destination port is presumably left unchanged.
# The rule has no source restriction: the HTTPS/HTTP, SIP, SIPS and tunnel
# ports are published to any Internet host that the filter rules let through.
/ip firewall nat add action=dst-nat \
    chain=dstnat \
    in-interface=$externalInterface \
    dst-address=$externalIp \
    protocol=tcp \
    dst-port="$voipHttpsPort,$voipHttpPort,$voipSIPPort,$voipSIPsPort,$voipTunnelPort" \
    to-addresses=$internalIp \
    log=yes \
    log-prefix=voip-in \
    place-before=$initialNatRulesPosition \
    comment="VoIP TCP - IN  (#VOIPscript)"

# Outbound TCP: traffic sent by the VoIP server from one of the published
# ports leaves with the public address as its source, mirroring the inbound
# rule (the "symetric NAT" of the rule comment).
/ip firewall nat add action=src-nat \
    chain=srcnat \
    src-address=$internalIp \
    out-interface=$externalInterface \
    protocol=tcp \
    src-port="$voipHttpsPort,$voipHttpPort,$voipSIPPort,$voipSIPsPort,$voipTunnelPort" \
    to-addresses=$externalIp \
    log=yes \
    log-prefix=voip-out \
    place-before=$initialNatRulesPosition \
    comment="VoIP TCP - OUT, symetric NAT  (#VOIPscript)"


# Inbound UDP: same redirection for SIP, SIPS, the tunnel port and the whole
# media port range. As for TCP, no source address is required to match.
/ip firewall nat add action=dst-nat \
    chain=dstnat \
    in-interface=$externalInterface \
    dst-address=$externalIp \
    protocol=udp \
    dst-port="$voipSIPPort,$voipSIPsPort,$voipTunnelPort,$voipMediaPort" \
    to-addresses=$internalIp \
    log=yes \
    log-prefix=voip-in \
    place-before=$initialNatRulesPosition \
    comment="VoIP UDP - IN  (#VOIPscript)"

# Outbound UDP: source address of the server's SIP, tunnel and media traffic
# is rewritten to the public address.
/ip firewall nat add action=src-nat \
    chain=srcnat \
    src-address=$internalIp \
    out-interface=$externalInterface \
    protocol=udp \
    src-port="$voipSIPPort,$voipSIPsPort,$voipTunnelPort,$voipMediaPort" \
    to-addresses=$externalIp \
    log=yes \
    log-prefix=voip-out \
    place-before=$initialNatRulesPosition \
    comment="VoIP UDP - OUT, symetric NAT  (#VOIPscript)"


# Set firewall filter rules
# Two accept rules in the forward chain let the redirected traffic reach the
# VoIP server: one for the TCP port list, one for the UDP ports and media range.
# Neither rule has place-before, so they are added at the end of the filter
# table and must be moved by hand (see the HOWTO in the header). A re-run
# deletes and re-creates them, so the move has to be repeated after each run.
# NOTE(review): neither rule restricts the source (no src-address or
# src-address-list), so the ports are open to every Internet host. Where the
# addresses of the SIP provider or of the remote users are known, limiting the
# rules to them reduces exposure to SIP scanning and password guessing; the
# same applies to the web ports (HTTPS/HTTP) in the TCP list.
# NOTE(review): log=yes logs every packet the rule matches. Depending on where
# the rules end up relative to an established/related accept rule, this may
# include each media packet; confirm the log volume after moving the rules.
/ip firewall filter add action=accept chain=forward \
    in-interface=$externalInterface \
    out-interface=$internalInterface \
    dst-address=$internalIp \
    protocol=tcp \
    dst-port="$voipHttpsPort,$voipHttpPort,$voipSIPPort,$voipSIPsPort,$voipTunnelPort" \
    log=yes \
    log-prefix=voip-in \
    comment="Internet -> VoIP server - TCP  (#VOIPscript)" 

# UDP counterpart: SIP, SIPS, tunnel port and the media port range.
/ip firewall filter add action=accept chain=forward \
    in-interface=$externalInterface \
    out-interface=$internalInterface \
    dst-address=$internalIp \
    protocol=udp \
    dst-port="$voipSIPPort,$voipSIPsPort,$voipTunnelPort,$voipMediaPort" \
    log=yes \
    log-prefix=voip-in \
    comment="Internet -> VoIP server - UDP  (#VOIPscript)" 

# Clean variables
# Each global is set again with no value, which clears what this script stored
# in it once the rules have been created.
# NOTE(review): the names presumably stay declared in the script environment
# with an empty value; confirm with "/system script environment print".
:set internalIp;
:set internalInterface;
:set externalIp;
:set externalInterface;
:set voipHttpsPort;
:set voipHttpPort;
:set voipSIPPort;
:set voipSIPsPort;
:set voipTunnelPort;
:set voipMediaPort;
:set initialNatRulesPosition;
mikrotikvoip/mikrotik_voip_script.1556098718.txt.gz · Dernière modification : 2019/04/24 09:38 de ghusson