
Достъп до RB само от реално IP


filipov

Въпрос

Три дена си играя да подкарам на РБ-то два интернет доставчика и да направя фейловър. Най-накрая успях, но когато кабелите и на двамата доставчици са включени, достъпът ми до рутера от локалната мрежа става само през външните IP адреси от ISP-тата. Освен това нямам и пинг към 192.168.88.1, а имам пинг към всички останали в мрежата. Ако извадя кабела на WAN1, всичко си идва на мястото. Странното е, че когато и двата кабела са включени в WAN1 и WAN2, не мога да достъпвам през WinBox и други микротици, които са в други мрежи. Махна ли WAN1, нещата се оправят. Когато пък WAN1 е изваден, пингът ми към dir.bg (примерно) спира, но имам браузване. ???

Това ми е експорт-а на рутера: 

 
# mar/20/2015 16:43:08 by RouterOS 6.27
# software id = GIBX-QDFK
#
# Export of a dual-uplink router: WAN1 (ether1) and WAN2 (ether5, carrying pppoe-out1),
# a LAN on 192.168.88.0/24, a VPN pool on 192.168.89.0/24, and mangle rules that try to
# split and pin connections per uplink.
# NOTE(review): continuation lines below are shown without the trailing backslash that a
# RouterOS export normally emits; restore them before importing this text anywhere.
# NOTE(review): some secrets are shown as xxxx and others as 123456; when sharing an
# export, strip all of them (the export command has a hide-sensitive option).
/interface bridge
add admin-mac=00:00:00:00:00:00 auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] comment=Mul name=WAN1
set [ find default-name=ether5 ] comment=Kbr name=WAN2
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=
    ether4-slave-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=
    20/40mhz-ht-above country=bulgaria disabled=no distance=indoors 
    frequency=auto l2mtu=2290 mode=ap-bridge ssid=5555 wireless-protocol=
    802.11
# PPPoE session over WAN2; add-default-route=yes lets it install its own default route.
# user/password appear redacted (xxxx).
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=WAN2 
    keepalive-timeout=disabled mrru=1600 name=pppoe-out1 password=xxxx 
    use-peer-dns=yes user=xxxx
# Neighbor discovery is switched off on WAN1 only.
# NOTE(review): WAN2 carries no discover=no, so discovery presumably stays on towards
# that provider - confirm and disable it there as well.
/ip neighbor discovery
set WAN1 comment=Mul discover=no
set WAN2 comment=Kbr
# Default wireless profile: WPA and WPA2 pre-shared keys, both set to the same value.
# NOTE(review): 123456 is shorter than the 8-character WPA passphrase minimum, so it is
# probably a placeholder; if a similarly simple key is in use, replace it with a long
# random passphrase and consider dropping wpa-psk in favour of WPA2 only.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
    dynamic-keys wpa-pre-shared-key=123456 wpa2-pre-shared-key=123456
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/ppp profile
set 1 local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
# L2TP server settings with IPsec and a shared secret.
# NOTE(review): the IPsec secret shown is 123456; if that is the live value rather than
# a redaction, it is trivially guessable. No enabled=yes appears here, so the server may
# be off - confirm.
/interface l2tp-server server
set ipsec-secret=123456 use-ipsec=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=
    ether2-master-local network=192.168.88.0
add address=84.238.253.xx/24 interface=WAN1 network=84.238.253.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=
    WAN1
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=
    192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# NOTE(review): the input chain below drops only in-interface=WAN1, so nothing shown
# stops queries that arrive over WAN2 / pppoe-out1 - the router can act as an open
# resolver on that uplink.
/ip dns
set allow-remote-requests=yes servers=84.238.253.81,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
# Input chain: accept ICMP, established/related, L2TP (udp/1701), PPTP (tcp/1723) and
# SSTP (tcp/443), then drop whatever else arrives on WAN1. Rules without action= accept.
# NOTE(review): there is no equivalent drop for WAN2 or pppoe-out1 in either chain, and a
# packet that matches no rule is accepted, so router services and forwarded traffic are
# unfiltered on the second uplink. Add matching drop rules for it.
# NOTE(review): the three VPN accept rules match on every interface; PPTP in particular
# offers weak protection - keep it only if it is actually needed.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=
    established,related
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=WAN1
add chain=forward comment="default configuration" connection-state=
    established,related
add action=drop chain=forward comment="default configuration" 
    connection-state=invalid
add action=drop chain=forward comment="default configuration" 
    connection-nat-state=!dstnat connection-state=new in-interface=WAN1
# Mangle: the first two rules are disabled. The next four mark connections that reach the
# router on WAN1/WAN2 and give the router's replies the routing mark of the same uplink.
# The two rules without action= accept LAN traffic to the two provider subnets before the
# classifier rules, so that traffic is never marked. The classifier rules then split
# connections from bridge-local in two and the last two rules turn the connection mark
# into a routing mark.
# NOTE(review): the classifier rules match dst-address-type=local, i.e. traffic addressed
# to the router itself. Per-connection balancing is usually written with
# dst-address-type=!local so that such traffic gets no routing mark; as written, LAN
# connections to 192.168.88.1 are likely sent into the na_WAN1/na_WAN2 tables, which
# would fit the reported loss of LAN access except via the provider addresses - verify.
# NOTE(review): the in-interface=WAN2 rule will not match traffic that arrives through
# pppoe-out1 if that is the interface the packets are seen on - confirm.
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=
    mark_WAN1 passthrough=no src-address=192.168.88.1
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=
    mark_WAN2 passthrough=no src-address=192.168.88.1
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=
    WAN1_Conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=
    WAN2_Conn
add action=mark-routing chain=output connection-mark=WAN1_Conn 
    new-routing-mark=na_WAN1
add action=mark-routing chain=output connection-mark=WAN2_Conn 
    new-routing-mark=na_WAN2
add chain=prerouting dst-address=84.238.253.0/24 in-interface=bridge-local
add chain=prerouting dst-address=91.196.224.0/24 in-interface=bridge-local
add action=mark-connection chain=prerouting dst-address-type=local 
    in-interface=bridge-local new-connection-mark=WAN1_Conn 
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=local 
    in-interface=bridge-local new-connection-mark=WAN2_Conn 
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_Conn 
    in-interface=bridge-local new-routing-mark=na_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_Conn 
    in-interface=bridge-local new-routing-mark=na_WAN2
# NAT: masquerade out of WAN1 and pppoe-out1, and for the VPN pool. The two dst-nat rules
# redirect LAN-side connections (in-interface=bridge-local) aimed at the public addresses
# on tcp/80 and tcp/6036 to the DVR at 192.168.2.250.
# NOTE(review): 192.168.2.250 is outside every subnet configured in this export - confirm
# how the router reaches it.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" 
    out-interface=WAN1
add action=masquerade chain=srcnat comment="default configuration" 
    out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment=DVR dst-address=84.238.253.xx 
    dst-port=80,6036 in-interface=bridge-local protocol=tcp to-addresses=
    192.168.2.250
add action=dst-nat chain=dstnat comment=DVR dst-address=91.196.224.xx 
    dst-port=80,6036 in-interface=bridge-local protocol=tcp to-addresses=
    192.168.2.250
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=
    192.168.89.0/24
# One default route per routing mark, each with a ping gateway check, plus an unmarked
# default route through the WAN1 gateway.
/ip route
add check-gateway=ping distance=1 gateway=84.238.253.81 routing-mark=na_WAN1
add check-gateway=ping distance=1 gateway=91.196.224.1 routing-mark=na_WAN2
add distance=1 gateway=84.238.253.81
# NOTE(review): both rules look up table na_WAN2, including the one that matches
# routing-mark=na_WAN1 - possibly a typo for table=na_WAN1; confirm.
/ip route rule
add interface=WAN1 routing-mark=na_WAN1 src-address=192.168.88.1/32 table=
    na_WAN2
add interface=WAN2 routing-mark=na_WAN2 src-address=192.168.88.1/32 table=
    na_WAN2
/system clock
set time-zone-name=Europe/Sofia
/system leds
set 0 interface=wlan1
# MAC-layer management: the default entry is disabled and the service is enabled per
# interface instead.
# NOTE(review): WAN2 is in both lists below, so MAC telnet and MAC Winbox are offered on
# the segment facing the second provider; remove WAN2 and keep these to LAN interfaces.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=WAN2
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=WAN2
add interface=wlan1
add interface=bridge-local

2 отговори на този въпрос

  • Администратор
/ip firewall filter
# Accepts TCP connections to port 8291 (Winbox) in the router's input chain.
# NOTE(review): the rule has no in-interface or src-address match, so when it sits above
# the drop rules it accepts Winbox on every interface, the provider uplinks included.
# If only LAN management is wanted, scope it, for example with in-interface=bridge-local
# or src-address=192.168.88.0/24.
add chain=input comment="allow winbox" dst-port=8291 protocol=tcp

Поставено най отгоре над другите правила 


Форумът е за взаимопомощ а не за свършване на чужда работа


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ
