καλησπέρα. Έχω ένα router της cosmote στο με 192.168.178.1/24. Εκεί πάνω έχω ένα Mikrotik με ΙΡ:192.168.177.1/24 όπου κάνει pppoe (μεσω passthrough) πάνω από το router της Cosmote και συνδέω το LAN μου στο internet. θα ήθελα να μπορώ να βλέπω από το LAN(192.168.177.0) το 192.168.178.0 ώστε πχ να βλέπω αν το router βγάζει λάθη πάνω στην γραμμή κτλ.
πως θα το κανώ αυτό?
Εμφάνιση 1-6 από 6
-
08-10-20, 14:13 Access to router from pppoe #1
-
08-10-20, 16:30 Απάντηση: Access to router from pppoe #2
Πρέπει να κάνεις ένα NAT στο Mikrotik προς το router της Cosmote.
Κώδικας:/ip firewall nat add action=masquerade chain=srcnat comment="NAT for Modem" dst-address=192.168.178.1 out-interface=την ethernet port που έχεις συνδέσει το modem src-address=192.168.177.0/24
-
09-10-20, 15:49 Απάντηση: Access to router from pppoe #3
-
14-11-20, 14:14 Απάντηση: Access to router from pppoe #4
Έχω δοκιμάσει το παραπάνω και δεν δουλεύει.
Έχω δοκιμάσει τα πάντα. Τώρα μόλις έκανα reset to factory configuration.
Στην συνέχεια πρόσθεσα το ip 192.168.1.2 στο "ether1-ToModem" (το modem είναι 192.168.1.1)
και το rule:
Κώδικας:add action=masquerade chain=srcnat comment="NAT to Modem" out-interface=ether1-ToModem
Όλο το configuration είναι το παρακάτω:
Κώδικας:# nov/14/2020 11:39:03 by RouterOS 6.47.7 # software id = 4I2K-XZX3 # # model = RouterBOARD 750G r3 # serial number = aabbccddeeff /interface bridge add admin-mac=6C:3B:6B:7D:98:A2 auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=ether1 ] name=ether1-ToModem set [ find default-name=ether2 ] disabled=yes name=ether2-ModemLAN set [ find default-name=ether3 ] name=ether3-Home set [ find default-name=ether4 ] name=ether4-ubnt set [ find default-name=ether5 ] name=ether5-nap /interface pppoe-client add add-default-route=yes disabled=no interface=ether1-ToModem name=\ pppoe-out1 use-peer-dns=yes user=username /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp ranges=192.168.19.160-192.168.19.189 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf /interface bridge port add bridge=bridge comment=defconf interface=ether2-ModemLAN add bridge=bridge comment=defconf interface=ether3-Home add bridge=bridge comment=defconf interface=ether4-ubnt add bridge=bridge comment=defconf interface=ether5-nap /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1-ToModem list=WAN add interface=pppoe-out1 list=WAN /ip address add address=192.168.19.254/24 comment=defconf interface=ether2-ModemLAN \ network=192.168.19.0 add address=192.168.1.2 comment="added to access modem from lan" interface=\ ether1-ToModem network=192.168.1.0 /ip dhcp-client add comment=defconf interface=ether1-ToModem /ip dhcp-server network add address=192.168.19.0/24 comment=defconf gateway=192.168.19.254 netmask=24 /ip dns set allow-remote-requests=yes /ip dns static add address=192.168.19.254 comment=defconf name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall nat add action=masquerade chain=srcnat comment="NAT to Modem" out-interface=\ ether1-ToModem add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN /ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 add address=::1/128 comment="defconf: lo" list=bad_ipv6 add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 add address=100::/64 comment="defconf: discard only " list=bad_ipv6 add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6 add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6 add address=::/104 comment="defconf: other" list=bad_ipv6 add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6 /ipv6 firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6 add action=accept chain=input comment="defconf: accept UDP traceroute" port=\ 33434-33534 protocol=udp add action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10 add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udp add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ah add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-esp add action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec add action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN add action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6 add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6 add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6 add action=accept chain=forward comment="defconf: accept HIP" protocol=139 add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udp add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ah add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-esp add action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec add action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN /system clock set time-zone-name=Europe/Athens /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN
Διόρθωσα το rule
Κώδικας:add address=192.168.1.2/24 comment="added to access modem from lan" interface=\ ether1-ToModem network=192.168.1.0
Τελευταία επεξεργασία από το μέλος Dimitris_Her : 14-11-20 στις 12:54.
-
14-11-20, 15:47 Απάντηση: Access to router from pppoe #5
Βάλε στο nat src address το δίκτυο σου και dst address τη διεύθυνση του modem
-
14-11-20, 19:47 Απάντηση: Access to router from pppoe #6
Αν εννοείς το παρακάτω NAT, το έχω δοκιμάσει και αυτό.
Κώδικας:;;; NAT for modem chain=srcnat action=masquerade src-address=192.168.19.0/24 dst-address=192.168.1.1 out-interface=ether1-ToModem log=no log-prefix=""
Update:
Ζήτησα βοήθεια στο forum της Mikrotik.
- - - Updated - - -
Τελικά βρέθηκε λύση. Το πρόβλημα ήταν ότι είχα στον υπολογιστή μου επιπλέον IP (στο ίδιο subnet με το modem).
Η απάντηση που πήρα και μου έλυσε το πρόβλημα ήταν η παρακάτω:
If you connect the cable, and ether2 is bridged as it is, then all interfaces connected to that bridge form "one L2 direct attached network " to the PC.
In contrast to the network connected to ether1, which is L3/routed connected.
If your PC has IP address 192.168.1.19/24 and you try to reach 192.168.1.1 the PC will send an ARP request on its network and (only) try a direct connection, without using a router/gateway.
If the ether2 cable is not there the PC will not find 192.168.1.1
If the PC only has 192.168.19.19/24 as IP address, and tries to reach 192.168.1.1, it will use the gateway 192.168.19.1 because it has no direct connection to that network.Τελευταία επεξεργασία από το μέλος Dimitris_Her : 14-11-20 στις 18:37.
Bookmarks