Jump to content
  • 0

Проблем с рутиране между 2 мрежи

Mikk

Asked by Mikk,

 Share

Question

Mikk Newbie

Mikk

Posted
Posted

Доста съм бос в темата, затова предполагам ударих на камък. Та историята, изгорял рутер, сменен с нов, и няма бекъп....както обикновенно. Каква е била предишната конфигурация, дали е работила и защо така са построени мрежите....нямам идея. Топологията е следната:

ISP -> MikroTik - Port 2 отива към мрежа клас С и Port 3 отива в друго комуникационно оборудване, което създава нова мрежа клас В, няколко WiFi мрежи + у-ва свързани с кабел. Върху MikroTik-а имам пълен достъп, върху другото комуникационно оборудване нямам достъп, но мисля че проблем там няма.

Проблема е следния, принтер свързан в мрежа 1 е видим в двете мрежи и си печата от всякъде.

Принтер  свързан в мрежа 2 е видим само там, нито пинг нито печатане от мрежа 1.

Опитах се да задам статичен рут от едната мрежа в другата, но не се справих. Не ми приема мрежа с маска /20.

Цял ден си загубих да пробвам варианти взети от Интернет, и накрая нищо.

Моля за вашите коментари и предложения.

 

OU_Chema.jpg

Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0
  • Administrator
111111 Rising Star

111111

Posted
  • Administrator
Posted

Експорт на конфигурацията?

Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа

ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to comment
Share on other sites
  • 0
Mikk
Newbie

Mikk

Posted
  • Author
Posted

Ето я.

  

# oct/17/2019 21:48:23 by RouterOS 6.45.6
#
# model = RB941-2nD
/interface bridge
add admin-mac=74:4D:28:48:FA:79 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country=bulgaria disabled=no distance=indoors frequency=auto \
    frequency-mode=regulatory-domain mode=ap-bridge ssid="OU Hristo Botev" \
    wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
    rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
    rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=#789987@oPAN \
    wpa2-pre-shared-key=#789987@oPAN
/ip pool
add name=dhcp ranges=192.168.10.11-192.168.10.99
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.10.1/24 comment=defconf interface=bridge network=\
    192.168.10.0
add address=62.176.77.90/29 interface=ether1 network=62.176.77.88
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server lease
add address=192.168.10.14 client-id=1:0:21:b7:93:83:48 mac-address=\
    00:21:B7:93:83:48 server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 comment=defconf gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=212.39.90.42,212.39.90.43
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="WAN Access" dst-port=8291 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=37777 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.10.243 to-ports=37777
add action=dst-nat chain=dstnat dst-port=8042 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.10.242 to-ports=8042
add action=dst-nat chain=dstnat dst-port=8041 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.10.241 to-ports=8041
add action=dst-nat chain=dstnat dst-port=81 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.10.241 to-ports=81
add action=dst-nat chain=dstnat dst-port=82 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.10.242 to-ports=82
add action=dst-nat chain=dstnat dst-port=83 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.10.243 to-ports=83
/ip route
add distance=1 gateway=62.176.77.89
/system clock
set time-zone-name=Europe/Sofia
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN


 

Link to comment
Share on other sites
  • 0
danklod Newbie

danklod

Posted
Posted

Пробвай да сетнеш 10.205.192.0/20, който да сочи към втория рутер. Той най вероятно си е взел адрес от 192.168.10.0/24, така че най добре му направи статичен запис в DHCP-то.

Link to comment
Share on other sites
  • 0
  • Administrator
JohnTRIVOLTA Proficient

JohnTRIVOLTA

Posted
  • Administrator
Posted

На прима виста добавете правило за изключение на сорснат с дестинация адреса на принтера в рутер 1 :

/ip fi n add action=accept chain=srcnat dst-address=10.205.198.110 place-before=0

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept