Обсуждение ПО и его настройки
sanek101
Сообщения: 20 Зарегистрирован: 21 дек 2015, 19:26
03 фев 2016, 02:26
Здравствуйте, вопрос следующий: имею два интернет-канала со статическим IP-адресом, интернет настроен на разделение каналов. Необходимо на один адрес повесить VPN server, я бы даже сказал, повесить на второй порт PPTP server. Прописываю такое правило: chain=input action=accept protocol=tcp in-interface=ISP2 dst-port=1723 log=no log-prefix="", но подключения по этому IP нет. Если пишу in-interface=ISP1 и меняю адрес подключения, то коннект проходит. Как мне прописать PPTP-сервер именно к ISP2?
vqd
Модератор
Сообщения: 3605 Зарегистрирован: 26 сен 2013, 14:20
Откуда: НСК
03 фев 2016, 07:45
конфиг покажите для начала
sanek101
Сообщения: 20 Зарегистрирован: 21 дек 2015, 19:26
03 фев 2016, 17:47
да пожалуйста :
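# RouterOS export of a dual-uplink router: two PPPoE clients (KVARC on
# ether1-gateway, P-T-K on ether2-getaway), a LAN bridge on 10.0.0.0/24 and a
# PPTP server whose clients get 10.0.1.x addresses.
# Layout restored to one command per line; "\" marks a continued command.
/interface bridge
add admin-mac=E4:8D:8C:2A:79:31 arp=proxy-arp auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-getaway
set [ find default-name=ether3 ] arp=proxy-arp name=ether3-master-local
set [ find default-name=ether4 ] master-port=ether3-master-local name=\
    ether4-slave-local rx-flow-control=auto speed=1Gbps tx-flow-control=auto
set [ find default-name=ether5 ] master-port=ether3-master-local name=\
    ether5-slave-local
set [ find default-name=ether6 ] arp=proxy-arp name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
    ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
    ether10-slave-local
set [ find default-name=sfp1 ] disabled=yes
# The two uplinks. Only KVARC installs a default route into the main table;
# P-T-K is reached solely through the routing-mark routes in /ip route.
# The PPPoE passwords are masked here in the same way as the /ppp secret
# entries at the end of the export. A provider password that has been pasted
# in clear anywhere should be changed with the ISP.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1480 \
    max-mtu=1480 mrru=1600 name=KVARC password=******* user=lozhkinaa
add disabled=no interface=ether2-getaway max-mru=1480 max-mtu=1480 mrru=1600 \
    name=P-T-K password=******* user=pe1016973
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=dhcp ranges=10.0.0.2-10.0.0.50
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=\
    dhcp
/interface bridge port
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=ether3-master-local
add bridge=bridge-local interface=ether6-master-local
# PPTP server is enabled globally; it is not bound to one uplink here.
# NOTE(review): PPTP with MS-CHAPv2 is widely considered weak. No PPP profile
# or authentication settings are visible in this export, so what is actually
# negotiated cannot be told from here; L2TP/IPsec or SSTP is the usual
# replacement where the clients support it.
/interface pptp-server server
set enabled=yes max-mru=1300 max-mtu=1300
/ip address
add address=10.0.0.1/24 comment="default configuration" interface=bridge-local \
    network=10.0.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether2-getaway use-peer-dns=no
# Static leases; several of these hosts are targets of the port forwards in
# /ip firewall nat below.
/ip dhcp-server lease
add address=10.0.0.20 client-id=1:0:16:e6:8b:13:a0 mac-address=\
    00:16:E6:8B:13:A0 server=dhcp
add address=10.0.0.21 client-id=1:0:1e:67:52:28:18 mac-address=\
    00:1E:67:52:28:18 server=dhcp
add address=10.0.0.22 client-id=1:0:15:17:5e:61:78 mac-address=\
    00:15:17:5E:61:78 server=dhcp
add address=10.0.0.25 client-id=1:24:a4:3c:ec:ac:86 mac-address=\
    24:A4:3C:EC:AC:86 server=dhcp
add address=10.0.0.32 client-id=1:2:29:1:0:d:b mac-address=02:29:01:00:0D:0B \
    server=dhcp
add address=10.0.0.26 client-id=1:24:a4:3c:ec:a7:98 mac-address=\
    24:A4:3C:EC:A7:98 server=dhcp
add address=10.0.0.27 client-id=1:4c:5e:c:ce:79:42 mac-address=\
    4C:5E:0C:CE:79:42 server=dhcp
add address=10.0.0.24 client-id=1:0:0:0:4:44:44 mac-address=00:00:00:04:44:44 \
    server=dhcp
add address=10.0.0.33 client-id=1:2:cb:92:0:d:b mac-address=02:CB:92:00:0D:0B \
    server=dhcp
add address=10.0.0.49 client-id=1:6c:62:6d:4b:ac:56 mac-address=\
    6C:62:6D:4B:AC:56 server=dhcp
add address=10.0.0.18 client-id=1:0:1e:67:6:32:84 mac-address=00:1E:67:06:32:84 \
    server=dhcp
/ip dhcp-server network
add address=10.0.0.0/24 comment="default configuration" dns-server=\
    77.88.8.7,77.88.8.3 gateway=10.0.0.1
# allow-remote-requests=yes makes the router answer DNS queries from any host
# that can reach port 53 on it; the "Block DNS" filter rules below are what
# keep that closed on the two PPPoE interfaces.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8
/ip dns static
add address=10.0.0.1 name=router
# Hosts in list NAS are policy-routed through P-T-K (see mangle and /ip route).
/ip firewall address-list
add address=10.0.0.32 list=NAS
add address=10.0.0.22 list=NAS
add address=10.0.0.33 list=NAS
add address=10.0.0.21 disabled=yes list=NAS
add address=10.0.0.18 disabled=yes list=NAS
# Rules without action= use the default action, accept. Rule order matters.
/ip firewall filter
# PPTP control channel and GRE are accepted on every interface (no
# in-interface given), so these two rules already cover both uplinks.
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established,related
# NOTE(review): this drop names ether1-gateway. Traffic that arrives over a
# PPPoE session is normally matched by the PPPoE interface name (KVARC,
# P-T-K), as the "Block DNS" rules below do, so this rule probably does not
# cover either uplink's PPPoE traffic. Apart from port 53, no input rule drops
# new connections from KVARC or P-T-K; confirm, and add a drop for both PPPoE
# interfaces after the accept rules if router access from the Internet is not
# intended.
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
# NOTE(review): same interface question as the input drop above - this
# forward drop matches ether1-gateway only, not KVARC or P-T-K.
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=KVARC \
    protocol=tcp
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=P-T-K \
    protocol=tcp
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=KVARC \
    protocol=udp
add action=drop chain=input comment="Block DNS" dst-port=53 in-interface=P-T-K \
    protocol=udp
# Policy routing: traffic from the NAS list, and router replies to connections
# that entered through P-T-K, are marked to leave through P-T-K.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=mark-NAS passthrough=\
    no src-address-list=NAS
add action=mark-connection chain=input disabled=no in-interface=P-T-K \
    new-connection-mark=P-T-K-Input passthrough=no
add action=mark-routing chain=output connection-mark=P-T-K-Input disabled=no \
    new-routing-mark=P-T-K passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=KVARC
add action=masquerade chain=srcnat out-interface=P-T-K
add action=masquerade chain=srcnat out-interface=ether2-getaway
add action=masquerade chain=srcnat src-address-list=NAS
# Port forwards. None of the dstnat rules restricts in-interface, dst-address
# or source address, so each matches that destination port for any traffic
# passing through the router.
# NOTE(review): this publishes RDP (to-ports=3389 on 10.0.0.21 and 10.0.0.18),
# FTP (21) and several DVR / web panels to any source. Limiting these rules
# with a src-address-list, or reaching the hosts over the VPN instead, would
# reduce the exposed surface.
add action=netmap chain=dstnat dst-port=51413 protocol=tcp to-addresses=\
    10.0.0.32 to-ports=51413
add action=netmap chain=dstnat comment=PLEX dst-port=32400 protocol=tcp \
    to-addresses=10.0.0.33 to-ports=32400
add action=netmap chain=dstnat comment=1C_SG dst-port=55389 protocol=tcp \
    to-addresses=10.0.0.21 to-ports=3389
add action=dst-nat chain=dstnat comment=1C_BS dst-port=56389 protocol=tcp \
    to-addresses=10.0.0.18 to-ports=3389
add action=dst-nat chain=dstnat comment=1C_BS dst-port=8081 protocol=tcp \
    to-addresses=10.0.0.18 to-ports=8081
add action=dst-nat chain=dstnat comment=FTP dst-port=21 protocol=tcp \
    to-addresses=10.0.0.22 to-ports=21
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=81 protocol=tcp \
    to-addresses=10.0.0.49 to-ports=80
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4008 protocol=tcp \
    to-addresses=10.0.0.49 to-ports=4008
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4008 protocol=udp \
    to-addresses=10.0.0.49 to-ports=4008
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4012 protocol=tcp \
    to-addresses=10.0.0.49 to-ports=4008
add action=dst-nat chain=dstnat comment=ELEKTRIKA dst-port=4012 protocol=udp \
    to-addresses=10.0.0.49 to-ports=4008
# The 10.0.1.x targets below are the remote-address values of PPTP clients
# defined in /ppp secret (10.0.1.3 = dvr, 10.0.1.2 = rvi).
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=8000 protocol=tcp \
    to-addresses=10.0.1.3 to-ports=8000
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=10510 protocol=tcp \
    to-addresses=10.0.1.3 to-ports=10510
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=9000 protocol=tcp \
    to-addresses=10.0.1.3 to-ports=9000
add action=netmap chain=dstnat comment=DVR_NIKOLAY dst-port=8080 protocol=tcp \
    to-addresses=10.0.1.3 to-ports=8080
add action=netmap chain=dstnat comment=HTTP_NIKOLAY dst-port=82 protocol=tcp \
    to-addresses=10.0.1.3 to-ports=81
add action=netmap chain=dstnat comment=LUZHKI_RVI dst-port=37778 protocol=tcp \
    to-addresses=10.0.1.2 to-ports=37777
add action=netmap chain=dstnat comment=LUZHKI_PARADOX_HTTP dst-port=88 \
    protocol=tcp to-addresses=10.0.1.2 to-ports=88
add action=netmap chain=dstnat comment=LUZHKI_DVR dst-port=34567 protocol=tcp \
    to-addresses=10.0.1.2 to-ports=34567
add action=netmap chain=dstnat comment=LUZHKI_DVR_MOBI dst-port=34599 protocol=\
    tcp to-addresses=10.0.1.2 to-ports=34599
add action=netmap chain=dstnat comment=LUZHKI_iPARADOX dst-port=10002 protocol=\
    tcp to-addresses=10.0.1.2 to-ports=10000
# Routing tables for the two marks set in mangle; both point at P-T-K.
/ip route
add distance=1 gateway=P-T-K routing-mark=mark-NAS
add disabled=no distance=1 gateway=P-T-K routing-mark=P-T-K
# NOTE(review): winbox is not listed here, so its state is not shown in this
# export - presumably still enabled. If so, restricting it with the service's
# address= setting is worth considering, given the input-chain note above.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): no /ipv6 firewall section appears in this export; whether
# IPv6 input/forward is filtered cannot be told from here - confirm.
/ipv6 address
add address=::e68d:8cff:fe2a:7931 eui-64=yes from-pool=kvarc interface=\
    bridge-local
/ipv6 dhcp-client
add add-default-route=yes pool-name=kvarc request=prefix
add add-default-route=yes disabled=yes pool-name=p-t-k request=prefix
# PPTP accounts with fixed remote addresses; passwords were masked by the
# poster.
/ppp secret
add local-address=10.0.0.1 name=dvr password=******* remote-address=10.0.1.3 \
    service=pptp
add local-address=10.0.0.1 name=rvi password=******* remote-address=10.0.1.2 \
    service=pptp
add local-address=10.0.0.1 name=kurkov password=******* remote-address=10.0.1.4 \
    service=pptp
add local-address=10.0.0.1 name=lenovo password=******* remote-address=10.0.1.5 \
    service=pptp
add local-address=10.0.0.1 name=iphone password=******* remote-address=10.0.1.6 \
    service=pptp
add local-address=10.0.0.1 name=test password=******* remote-address=10.0.1.20 \
    service=pptp
add local-address=10.0.0.1 name=tim password=******* remote-address=10.0.1.7 \
    service=pptp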