Vpn server и два интернета

sanek101
Сообщения: 20
Зарегистрирован: 21 дек 2015, 19:26

Здравствуйте, вопрос следующий: имею два интернет-канала со статическими IP-адресами, интернет настроен на разделение каналов. Необходимо на один адрес повесить VPN-сервер, я бы даже сказал, повесить PPTP-сервер на второй порт. Прописываю такое правило: chain=input action=accept protocol=tcp in-interface=ISP2 dst-port=1723 log=no log-prefix="" , но подключения по этому IP нет. Если пишу in-interface=ISP1 и меняю адрес подключения, то коннект проходит. Как мне прописать PPTP-сервер именно к ISP2?


vqd
Модератор
Сообщения: 3605
Зарегистрирован: 26 сен 2013, 14:20
Откуда: НСК

конфиг покажите для начала


Есть интересная задача и бюджет? http://mikrotik.site
sanek101
Сообщения: 20
Зарегистрирован: 21 дек 2015, 19:26

да пожалуйста :
 
# LAN bridge with a fixed MAC address. arp=proxy-arp makes the router answer
# ARP requests on behalf of other hosts on this bridge.
# NOTE(review): the PPTP clients defined in /ppp secret get 10.0.1.x addresses,
# outside the 10.0.0.0/24 LAN, so proxy-arp may not be needed here - confirm
# before keeping it enabled.
/interface bridge
add admin-mac=E4:8D:8C:2A:79:31 arp=proxy-arp auto-mac=no name=bridge-local
# Port naming: ether1 and ether2 carry the two uplinks; ether3 and ether6 are
# switch masters, with ether4-5 and ether7-10 attached through master-port=.
# NOTE(review): "ether2-getaway" is spelled differently from "ether1-gateway";
# every rule that refers to the second uplink has to use this exact spelling.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-getaway
set [ find default-name=ether3 ] arp=proxy-arp name=ether3-master-local
set [ find default-name=ether4 ] master-port=ether3-master-local name=\
ether4-slave-local rx-flow-control=auto speed=1Gbps tx-flow-control=auto
set [ find default-name=ether5 ] master-port=ether3-master-local name=\
ether5-slave-local
set [ find default-name=ether6 ] arp=proxy-arp name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
set [ find default-name=sfp1 ] disabled=yes
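# PPPoE uplinks: KVARC runs over ether1-gateway and installs the default route;
# P-T-K runs over ether2-getaway without add-default-route and is reached
# through the routing-mark routes in /ip route.
# The password= values were posted in clear text in the original export. They
# are masked here the same way the /ppp secret passwords are masked. Treat the
# originally posted PPPoE passwords as compromised and change them with each
# provider. On RouterOS v6, "/export hide-sensitive" leaves such fields out.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1480 \
max-mtu=1480 mrru=1600 name=KVARC password=******* user=lozhkinaa
add disabled=no interface=ether2-getaway max-mru=1480 max-mtu=1480 mrru=1600 \
name=P-T-K password=******* user=pe1016973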
# Neighbor discovery is switched off on ether1-gateway only.
# NOTE(review): no matching line for ether2-getaway or the PPPoE interfaces is
# visible - confirm the router is not answering discovery on the second uplink.
/ip neighbor discovery
set ether1-gateway discover=no
# Address pool and DHCP server for the LAN bridge (10.0.0.2-10.0.0.50, 3-day leases).
/ip pool
add name=dhcp ranges=10.0.0.2-10.0.0.50
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=\
dhcp
# Bridge members: sfp1 (disabled above) and the two switch master ports.
/interface bridge port
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=ether3-master-local
add bridge=bridge-local interface=ether6-master-local
# PPTP server enabled with MTU/MRU 1300. No authentication= or default-profile=
# value is exported, so the server runs with its defaults for both.
# NOTE(review): PPTP depends on MS-CHAPv2 and MPPE, which are considered broken;
# for remote access over the internet prefer L2TP/IPsec or another tunnel with
# modern cryptography, and keep PPTP only where a device supports nothing else.
/interface pptp-server server
set enabled=yes max-mru=1300 max-mtu=1300
# Router LAN address; it is also the DHCP gateway and the PPTP local-address.
/ip address
add address=10.0.0.1/24 comment="default configuration" interface=bridge-local \
network=10.0.0.0
# DHCP clients on both physical uplink ports, next to the PPPoE sessions.
# NOTE(review): the ether1-gateway entry has no disabled=no, so it is presumably
# inactive; the ether2-getaway entry is active with default-route-distance=0 -
# confirm a DHCP lease on that port is intended and which route it installs.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether2-getaway use-peer-dns=no
# Static leases. 10.0.0.18, .21, .22, .32, .33 and .49 are targets of the
# port forwards in /ip firewall nat.
/ip dhcp-server lease
add address=10.0.0.20 client-id=1:0:16:e6:8b:13:a0 mac-address=\
00:16:E6:8B:13:A0 server=dhcp
add address=10.0.0.21 client-id=1:0:1e:67:52:28:18 mac-address=\
00:1E:67:52:28:18 server=dhcp
add address=10.0.0.22 client-id=1:0:15:17:5e:61:78 mac-address=\
00:15:17:5E:61:78 server=dhcp
add address=10.0.0.25 client-id=1:24:a4:3c:ec:ac:86 mac-address=\
24:A4:3C:EC:AC:86 server=dhcp
add address=10.0.0.32 client-id=1:2:29:1:0:d:b mac-address=02:29:01:00:0D:0B \
server=dhcp
add address=10.0.0.26 client-id=1:24:a4:3c:ec:a7:98 mac-address=\
24:A4:3C:EC:A7:98 server=dhcp
add address=10.0.0.27 client-id=1:4c:5e:c:ce:79:42 mac-address=\
4C:5E:0C:CE:79:42 server=dhcp
add address=10.0.0.24 client-id=1:0:0:0:4:44:44 mac-address=00:00:00:04:44:44 \
server=dhcp
add address=10.0.0.33 client-id=1:2:cb:92:0:d:b mac-address=02:CB:92:00:0D:0B \
server=dhcp
add address=10.0.0.49 client-id=1:6c:62:6d:4b:ac:56 mac-address=\
6C:62:6D:4B:AC:56 server=dhcp
add address=10.0.0.18 client-id=1:0:1e:67:6:32:84 mac-address=00:1E:67:06:32:84 \
server=dhcp
# LAN clients are handed external resolvers directly, not the router.
/ip dhcp-server network
add address=10.0.0.0/24 comment="default configuration" dns-server=\
77.88.8.7,77.88.8.3 gateway=10.0.0.1
# allow-remote-requests=yes makes the router answer DNS queries itself.
# Whether that resolver is reachable from the internet depends only on the
# "Block DNS" rules in /ip firewall filter, which cover KVARC and P-T-K.
# NOTE(review): ether2-getaway also has an active DHCP client and no DNS drop
# rule - confirm port 53 is not reachable there.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8
/ip dns static
add address=10.0.0.1 name=router
# Hosts in list NAS are policy-routed through P-T-K by the mangle rule that
# matches src-address-list=NAS; two entries are disabled.
/ip firewall address-list
add address=10.0.0.32 list=NAS
add address=10.0.0.22 list=NAS
add address=10.0.0.33 list=NAS
add address=10.0.0.21 disabled=yes list=NAS
add address=10.0.0.18 disabled=yes list=NAS
# Input chain, in exported order: accept PPTP control (tcp/1723), GRE, ICMP and
# established/related traffic. No action= is given, so these are accept rules.
# The PPTP rule has no in-interface, so it already matches both uplinks; the
# interface names in this export are KVARC and P-T-K, not ISP1/ISP2 as in the
# rule quoted in the question.
/ip firewall filter
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
# NOTE(review): this is the only general input drop, and it matches
# in-interface=ether1-gateway. The uplinks are the PPPoE interfaces KVARC and
# P-T-K, which are separate interfaces, so this rule presumably never matches
# internet traffic - check its packet counter. Apart from the DNS drops below,
# new input arriving on KVARC, P-T-K or ether2-getaway reaches the end of the
# chain and is accepted by default. A final drop for the WAN-side interfaces,
# placed after the accept rules above, would close that gap.
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
# Forward chain: fasttrack and accept established/related, drop invalid.
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
# NOTE(review): same interface mismatch as in the input chain - new forwarded
# connections that are not dst-nat are dropped only when they enter through
# ether1-gateway, not through KVARC or P-T-K.
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
# Drop DNS (tcp and udp port 53) arriving on either PPPoE uplink, so the
# resolver enabled by allow-remote-requests=yes is not offered to the internet.
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=KVARC \
protocol=tcp
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=P-T-K \
protocol=tcp
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=KVARC \
protocol=udp
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=P-T-K \
protocol=udp
# Policy routing marks.
# Rule 1: traffic sourced from the NAS address list gets routing mark mark-NAS.
# Rule 2: connections that arrive at the router itself through P-T-K get
#         connection mark P-T-K-Input.
# Rule 3: the router's own replies on such connections get routing mark P-T-K,
#         so they leave through the uplink they came in on.
# NOTE(review): rules 2 and 3 cover only the input/output chains, i.e. traffic
# terminated on the router (such as the PPTP server). Connections forwarded by
# the dst-nat rules that arrive through P-T-K are not marked here - confirm how
# their replies are routed.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=mark-NAS passthrough=\
no src-address-list=NAS
add action=mark-connection chain=input disabled=no in-interface=P-T-K \
new-connection-mark=P-T-K-Input passthrough=no
add action=mark-routing chain=output connection-mark=P-T-K-Input disabled=no \
new-routing-mark=P-T-K passthrough=no
# Source NAT: masquerade on both PPPoE uplinks and on ether2-getaway.
# NOTE(review): the last masquerade rule matches src-address-list=NAS with no
# out-interface, so it also rewrites NAS traffic that does not leave through an
# uplink - confirm that is intended.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=KVARC
add action=masquerade chain=srcnat out-interface=P-T-K
add action=masquerade chain=srcnat out-interface=ether2-getaway
add action=masquerade chain=srcnat src-address-list=NAS
# Port forwards. None of the dstnat rules below has in-interface= or
# dst-address=, so each one matches every packet with that destination port
# passing the router - including connections LAN hosts open to outside servers
# on ports such as 21, 81, 88, 8000, 8080 or 8081, which get redirected to the
# internal target. Binding each rule to the WAN interface or the public address
# (dst-address=<WAN_IP_PLACEHOLDER>) avoids that.
# NOTE(review): every forward is open to any source address. Where the remote
# side is known, a src-address-list= allowlist narrows the exposure.
add action=netmap chain=dstnat dst-port=51413 protocol=tcp to-addresses=\
10.0.0.32 to-ports=51413
add action=netmap chain=dstnat comment=PLEX dst-port=32400 protocol=tcp \
to-addresses=10.0.0.33 to-ports=32400
# NOTE(review): the two rules below publish RDP (to-ports=3389) on 55389 and
# 56389. A non-standard port does not protect the service; reaching these hosts
# through the VPN rather than a direct forward removes the exposure.
add action=netmap chain=dstnat comment=1C_SG dst-port=55389 protocol=tcp \
to-addresses=10.0.0.21 to-ports=3389
add action=dst-nat chain=dstnat comment=1C_BS dst-port=56389 protocol=tcp \
to-addresses=10.0.0.18 to-ports=3389
add action=dst-nat chain=dstnat comment=1C_BS dst-port=8081 protocol=tcp \
to-addresses=10.0.0.18 to-ports=8081
# NOTE(review): FTP on port 21 carries credentials in clear text.
add action=dst-nat chain=dstnat comment=FTP dst-port=21 protocol=tcp \
to-addresses=10.0.0.22 to-ports=21
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=81 protocol=tcp \
to-addresses=10.0.0.49 to-ports=80
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4008 protocol=tcp \
to-addresses=10.0.0.49 to-ports=4008
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4008 protocol=udp \
to-addresses=10.0.0.49 to-ports=4008
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4012 protocol=tcp \
to-addresses=10.0.0.49 to-ports=4008
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4012 protocol=udp \
to-addresses=10.0.0.49 to-ports=4008
# The remaining rules forward to 10.0.1.3 and 10.0.1.2, which are the PPTP
# remote-address values of the "dvr" and "rvi" secrets: devices behind the VPN
# tunnels are published to the internet through this router.
# NOTE(review): these are recorder/alarm web and control ports by their
# comments; confirm each one has to be reachable from outside the VPN.
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=8000 protocol=tcp \
to-addresses=10.0.1.3 to-ports=8000
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=10510 protocol=tcp \
to-addresses=10.0.1.3 to-ports=10510
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=9000 protocol=tcp \
to-addresses=10.0.1.3 to-ports=9000
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=8080 protocol=tcp \
to-addresses=10.0.1.3 to-ports=8080
add action=netmap chain=dstnat comment=HTTP_NIKOLAY dst-port=82 protocol=tcp \
to-addresses=10.0.1.3 to-ports=81
add action=netmap chain=dstnat comment=LUZHKI_RVI dst-port=37778 protocol=tcp \
to-addresses=10.0.1.2 to-ports=37777
add action=netmap chain=dstnat comment=LUZHKI_PARADOX_HTTP dst-port=88 \
protocol=tcp to-addresses=10.0.1.2 to-ports=88
add action=netmap chain=dstnat comment=LUZHKI_DVR dst-port=34567 protocol=tcp \
to-addresses=10.0.1.2 to-ports=34567
add action=netmap chain=dstnat comment=LUZHKI_DVR_MOBI dst-port=34599 protocol=\
tcp to-addresses=10.0.1.2 to-ports=34599
add action=netmap chain=dstnat comment=LUZHKI_iPARADOX dst-port=10002 protocol=\
tcp to-addresses=10.0.1.2 to-ports=10000
# Default routes for the two routing marks set in mangle; both leave via P-T-K.
/ip route
add distance=1 gateway=P-T-K routing-mark=mark-NAS
add disabled=no distance=1 gateway=P-T-K routing-mark=P-T-K
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox is not listed, so it is presumably still enabled with no
# address= restriction. Together with the input chain, which has no general
# drop for KVARC and P-T-K, the management port may be reachable from the
# internet - restrict it with "address=" on the service and a firewall drop.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# IPv6: the LAN bridge gets an address from the delegated prefix pool "kvarc".
# NOTE(review): no /ipv6 firewall section appears in this export. If none is
# configured, LAN hosts with global IPv6 addresses are not filtered at all -
# verify and add IPv6 input/forward rules.
/ipv6 address
add address=::e68d:8cff:fe2a:7931 eui-64=yes from-pool=kvarc interface=\
bridge-local
/ipv6 dhcp-client
add add-default-route=yes pool-name=kvarc request=prefix
add add-default-route=yes disabled=yes pool-name=p-t-k request=prefix
# PPTP accounts with fixed tunnel addresses in 10.0.1.0/24; passwords were
# masked by the poster. No profile= is set, so each account uses the default
# profile, whose encryption setting is not visible in this export.
# NOTE(review): "test" looks like a leftover account - remove it if unused.
/ppp secret
add local-address=10.0.0.1 name=dvr password=******* remote-address=10.0.1.3 \
service=pptp
add local-address=10.0.0.1 name=rvi password=******* remote-address=10.0.1.2 \
service=pptp
add local-address=10.0.0.1 name=kurkov password=******* remote-address=10.0.1.4 \
service=pptp
add local-address=10.0.0.1 name=lenovo password=******* remote-address=10.0.1.5 \
service=pptp
add local-address=10.0.0.1 name=iphone password=******* remote-address=10.0.1.6 \
service=pptp
add local-address=10.0.0.1 name=test password=******* remote-address=10.0.1.20 \
service=pptp
add local-address=10.0.0.1 name=tim password=******* remote-address=10.0.1.7 \
service=pptp


sanek101
Сообщения: 20
Зарегистрирован: 21 дек 2015, 19:26

Никто так и не поможет?

