M4D3V1L, posted 31 May 2020 (edited 31 May 2020)

Hello, I connected the above-mentioned devices and my MikroTik detected everything properly, but when I try to ping 8.8.8.8, for example, it times out and reports 192.168.8.100 as unreachable. What am I missing?

111111 (Administrator), replied 1 June 2020

Without an export of the configuration there is no way to tell. Blue color = an inactive rule or one with a lower priority.

Like the post ^^^
The forum is for mutual help, not for doing other people's work
ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

M4D3V1L (Author), replied 1 June 2020

On 1.06.2020 at 8:47, 111111 wrote:
> Without an export of the configuration there is no way to tell. Blue color = an inactive rule or one with a lower priority.

/interface lte
set [ find ] mac-address=0C:5B:8F:27:9A:64 name=lte1
/interface bridge
add admin-mac=D4:CA:6D:31:F3:9E auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    wpa2-pre-shared-key=
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=siso supplicant-identity="" \
    wpa2-pre-shared-key=
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-eC \
    country=bulgaria distance=indoors frequency=2472 installation=indoor \
    mode=ap-bridge preamble-mode=short security-profile=siso ssid=\
    mikrotikwifi wireless-protocol=802.11 wmm-support=enabled wps-mode=\
    disabled
/ip ipsec profile
add enc-algorithm=aes-256,aes-192,3des name=profile_1
/ip ipsec peer
# This entry is unreachable
add name=peer2 passive=yes profile=profile_1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des pfs-group=none
/ip pool
add name=default-dhcp ranges=192.168.5.2-192.168.5.254
add name=L2TP ranges=10.8.0.2-10.8.0.100
add comment=LTE name=LTE ranges=192.168.8.2-192.168.8.150
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=LAN
/ip ipsec mode-config
add address-pool=L2TP name=vpndhcp system-dns=no
/ppp profile
set *FFFFFFFE dns-server=8.8.8.8 local-address=192.168.5.1 remote-address=\
    L2TP use-encryption=required use-mpls=yes
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret= use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.5.1/24 comment=defconf interface=bridge network=\
    192.168.5.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add default-route-distance=2 disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.5.0/24 comment=LAN dns-server=1.1.1.1,1.0.0.1 gateway=\
    192.168.5.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input in-interface=lte1
add action=accept chain=input comment="Allow UDP VPN 1" dst-port=500 \
    in-interface=ether1 protocol=udp
add action=accept chain=input comment="Allow VPN 2" connection-state=new \
    dst-port=1701 in-interface=ether1 protocol=udp
add action=accept chain=input comment="Allow VPN 3" dst-port=4500 \
    in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=lte1
/ip ipsec identity
# Wrong mode-config
# address ID must be used in main mode or use my-id=auto!
add generate-policy=port-override mode-config=request-only my-id=user-fqdn \
    peer=peer2 remote-id=ignore secret=
/ip service
set telnet disabled=yes
set ftp disabled=yes
/ip traffic-flow
set enabled=yes
/lcd
set backlight-timeout=20m
/port firmware
set directory=pub
/system clock
set time-zone-name=Europe/Sofia
/system routerboard usb
set usb-mode=force-host
/tool graphing interface
add interface=bridge store-on-disk=no
add interface=ether2 store-on-disk=no
add interface=ether3 store-on-disk=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=ether1 name=tmon1 threshold=0

111111 (Administrator), replied 2 June 2020

With distance 2 it won't work properly. You have something with a higher priority.
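
The route-priority point in the reply above, as an added example that is not part of the original thread: a Python script that reads the `/ip dhcp-client` and `/interface list member` sections of a RouterOS export and ranks the default-route candidates by distance. It assumes RouterOS uses distance 1 when `default-route-distance` is not set; the function names and the `EXPORT` sample (two sections copied from the posted export) are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the two sections of the posted export that matter
# for default-route selection and WAN list membership.
EXPORT = r"""
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add default-route-distance=2 disabled=no interface=lte1
"""

# Assumption: distance RouterOS applies when the key is absent from the export.
ASSUMED_DEFAULT_DISTANCE = 1


def parse_export(text):
    """Return {section_path: [{key: value}, ...]} for the 'add' lines."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            tokens = shlex.split(line[4:])
            sections[current].append(
                dict(tok.split("=", 1) for tok in tokens if "=" in tok))
    return sections


def default_route_candidates(sections):
    """Enabled DHCP clients as (distance, interface, in_wan_list), best first."""
    wan = {m["interface"] for m in sections.get("/interface list member", [])
           if m.get("list") == "WAN"}
    rows = []
    for client in sections.get("/ip dhcp-client", []):
        if client.get("disabled") == "yes":
            continue
        dist = int(client.get("default-route-distance", ASSUMED_DEFAULT_DISTANCE))
        rows.append((dist, client["interface"], client["interface"] in wan))
    return sorted(rows)  # lowest distance is preferred while its route is active


if __name__ == "__main__":
    for dist, iface, in_wan in default_route_candidates(parse_export(EXPORT)):
        print(f"{iface}: distance={dist} in WAN list={in_wan}")
```

On the posted export this ranks ether1 ahead of lte1 and shows that lte1 is not a member of the WAN list, so only the firewall and NAT rules that name lte1 directly apply to it.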