Access to router from pppoe

[atux_null]

καλησπέρα. Έχω ένα router της cosmote στο με 192.168.178.1/24. Εκεί πάνω έχω ένα Mikrotik με ΙΡ:192.168.177.1/24 όπου κάνει pppoe (μεσω passthrough) πάνω από το router της Cosmote και συνδέω το LAN μου στο internet. θα ήθελα να μπορώ να βλέπω από το LAN(192.168.177.0) το 192.168.178.0 ώστε πχ να βλέπω αν το router βγάζει λάθη πάνω στην γραμμή κτλ.
πως θα το κανώ αυτό?

[sxbcl]

Πρέπει να κάνεις ένα NAT στο Mikrotik προς το router της Cosmote.

Κώδικας:

/ip firewall nat
add action=masquerade chain=srcnat comment="NAT for Modem" dst-address=192.168.178.1 out-interface=την ethernet port που έχεις συνδέσει το modem src-address=192.168.177.0/24

Με την προϋπόθεση ότι στο Mikrotik και στην πόρτα που έχεις συνδεδεμένο το modem έχεις μια διεύθυνση IP στο ίδιο subnet, π.χ. 192.168.178.2

[atux_null]

...Με την προϋπόθεση ότι στο Mikrotik και στην πόρτα που έχεις συνδεδεμένο το modem έχεις μια διεύθυνση IP στο ίδιο subnet, π.χ. 192.168.178.2

έπαιξε σωστά. Ευχαριστώ πολύ.

[Dimitris_Her]

Έχω δοκιμάσει το παραπάνω και δεν δουλεύει.

Έχω δοκιμάσει τα πάντα. Τώρα μόλις έκανα reset to factory configuration.
Στην συνέχεια πρόσθεσα το ip 192.168.1.2 στο "ether1-ToModem" (το modem είναι 192.168.1.1)
και το rule:

Κώδικας:

add action=masquerade chain=srcnat comment="NAT to Modem" out-interface=ether1-ToModem

Τώρα δεν μπορώ καν να κάνω ping στο modem.

Όλο το configuration είναι το παρακάτω:

Κώδικας:

# nov/14/2020 11:39:03 by RouterOS 6.47.7
# software id = 4I2K-XZX3
#
# model = RouterBOARD 750G r3
# serial number = aabbccddeeff
/interface bridge
add admin-mac=6C:3B:6B:7D:98:A2 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ToModem
set [ find default-name=ether2 ] disabled=yes name=ether2-ModemLAN
set [ find default-name=ether3 ] name=ether3-Home
set [ find default-name=ether4 ] name=ether4-ubnt
set [ find default-name=ether5 ] name=ether5-nap
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-ToModem name=\
    pppoe-out1 use-peer-dns=yes user=username
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.19.160-192.168.19.189
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-ModemLAN
add bridge=bridge comment=defconf interface=ether3-Home
add bridge=bridge comment=defconf interface=ether4-ubnt
add bridge=bridge comment=defconf interface=ether5-nap
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-ToModem list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.19.254/24 comment=defconf interface=ether2-ModemLAN \
    network=192.168.19.0
add address=192.168.1.2 comment="added to access modem from lan" interface=\
    ether1-ToModem network=192.168.1.0
/ip dhcp-client
add comment=defconf interface=ether1-ToModem
/ip dhcp-server network
add address=192.168.19.0/24 comment=defconf gateway=192.168.19.254 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.19.254 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT to Modem" out-interface=\
    ether1-ToModem
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Athens
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

- - - Updated - - -

Διόρθωσα το rule

Κώδικας:

add address=192.168.1.2/24 comment="added to access modem from lan" interface=\
    ether1-ToModem network=192.168.1.0

και τώρα μπορώ να κάνω ping το modem από το mikrotik αλλά ακόμη όχι από το lan.

[sxbcl]

Βάλε στο nat src address το δίκτυο σου και dst address τη διεύθυνση του modem

[Dimitris_Her]

Αν εννοείς το παρακάτω NAT, το έχω δοκιμάσει και αυτό.

Κώδικας:

 ;;; NAT for modem
      chain=srcnat action=masquerade src-address=192.168.19.0/24 dst-address=192.168.1.1 
      out-interface=ether1-ToModem log=no log-prefix=""

Δυστυχώς δεν δουλεύει. Έχω σηκώσει ψηλά τα χέρια

Update:
Ζήτησα βοήθεια στο forum της Mikrotik.

- - - Updated - - -

Τελικά βρέθηκε λύση. Το πρόβλημα ήταν ότι είχα στον υπολογιστή μου επιπλέον IP (στο ίδιο subnet με το modem).
Η απάντηση που πήρα και μου έλυσε το πρόβλημα ήταν η παρακάτω:

If you connect the cable, and ether2 is bridged as it is, then all interfaces connected to that bridge form "one L2 direct attached network " to the PC.
In contrast to the network connected to ether1, which is L3/routed connected.

If your PC has IP address 192.168.1.19/24 and you try to reach 192.168.1.1 the PC will send an ARP request on its network and (only) try a direct connection, without using a router/gateway.
If the ether2 cable is not there the PC will not find 192.168.1.1
If the PC only has 192.168.19.19/24 as IP address, and tries to reach 192.168.1.1, it will use the gateway 192.168.19.1 because it has no direct connection to that network.

Αφαίρεσα από το pc το ip που ήταν στο ίδιο subnet με το modem και μπόρεσα να συνδεθώ με το modem.