Question
DuMbh3aD
Hello,
I am generally a novice with MikroTik. I tried to read almost the entire forum, but found nothing that would help me. Still, I made use of some interesting scripts.
So my problem is the following:
I have several TP-Links that are behind BTK ADSL. The routers all have the same configuration: WAN IP 192.168.1.2 and LAN IP 192.168.2.1, with ports forwarded to PC:192.168.2.2
I set up a RouterBOARD as a PPTP VPN server. My problem is that when I connect the TP-Links to the VPN, their port forwards do not work.
Here is the export from the MikroTik:
# by RouterOS 6.34.4
# software id = MP3R-1I55
#
/interface bridge
add name=Priv
add name=Pub
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=WiFi \
    supplicant-identity="" wpa-pre-shared-key=******** \
    wpa2-pre-shared-key=********
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed name=WiFi_Pub supplicant-identity="" \
    wpa-pre-shared-key=******** wpa2-pre-shared-key=********
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
    name=WiFi_Priv security-profile=WiFi ssid=WiFi wds-default-bridge=Priv
add disabled=no keepalive-frames=disabled mac-address=xx:xx:xx:xx:xx:xx \
    master-interface=WiFi_Priv multicast-buffering=disabled name=WiFi_Pub \
    security-profile=WiFi_Pub ssid="Public WiFi" wds-cost-range=0 \
    wds-default-cost=0
/ip pool
add name=POOL_Priv ranges=192.168.88.150-192.168.88.254
add name=POOL_Pub ranges=192.168.0.1-192.168.0.254
add name=POOL_VPN ranges=192.168.10.1-192.168.10.254
/ip dhcp-server
add address-pool=POOL_Priv disabled=no interface=Priv name=DHCP_Priv
add address-pool=POOL_Pub disabled=no interface=Pub name=DHCP_Pub
/ppp profile
add local-address=192.168.10.1 name=VPN remote-address=POOL_VPN
/queue simple
add dst=WAN max-limit=512k/4M name=QUEUE_Pub target=Pub
/interface bridge port
add bridge=Priv interface=LAN_1
add bridge=Priv interface=LAN_2
add bridge=Priv interface=LAN_3
add bridge=Priv interface=LAN_4
add bridge=Priv interface=WiFi_Priv
add bridge=Pub interface=WiFi_Pub
/ip firewall connection tracking
set enabled=yes
/interface pptp-server server
set enabled=yes
/ip address
add address=*.*.*.*/* comment="IP for WAN" interface=WAN network=\
    *.*.*.*
add address=192.168.88.1/24 comment="IP for private network" interface=Priv \
    network=192.168.88.0
add address=192.168.0.1/24 comment="IP for public network" interface=Pub \
    network=192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall filter
add action=drop chain=input comment=DROP_NO_BG_IPs in-interface=WAN \
    src-address-list=!BG_IPs
add action=drop chain=forward comment=DROP_PUB_TO_PRIV in-interface=Pub \
    out-interface=Priv
add action=drop chain=forward comment=DROP_TEAMVIEWER dst-port=5937-5939 \
    protocol=tcp src-address=!192.168.88.5
add action=drop chain=forward dst-address-list=TeamViewer src-address=!192.168.88.5
add action=drop chain=forward comment="BLOCK ADS" content=doubleclick.net \
    dst-port=80,443 protocol=tcp
add action=drop chain=forward content=ec-ns.sascdn.com dst-port=80,443 \
    protocol=tcp
add action=drop chain=forward content=ggpht.com dst-port=80,443 protocol=tcp
add action=drop chain=forward content=&ctier dst-port=80,443 protocol=tcp
add action=drop chain=forward content=googleads.g.doubleclick.net dst-port=\
    80,443 protocol=tcp
add action=drop chain=forward content=&ctier dst-port=80,443 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=GATE_MASQUERADE out-interface=WAN
add action=dst-nat chain=dstnat dst-port=3389 in-interface=WAN protocol=tcp \
    src-address-list=ALLOW_IP to-addresses=192.168.88.5 to-ports=3389 \
    comment=RDPs
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.10.110 \
    dst-port=3389 protocol=tcp to-addresses=192.168.10.110 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.10.111 \
    dst-port=3389 protocol=tcp to-addresses=192.168.10.111 to-ports=3389
add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=udp
add action=redirect chain=dstnat dst-port=53 protocol=tcp
/ppp secret
add name=TP-Link1 password=TP-Link1 profile=VPN remote-address=\
    192.168.10.110
add name=TP-Link2 password=TP-Link2 profile=VPN remote-address=\
    192.168.10.111