Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
EXPORT DA RB 1100 AHX2
[admin@ROTEADOR] > export
# jan/05/2017 00:53:19 by RouterOS 6.37.3
# software id = 64B0-P9FN
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] mac-address=4C:5E:0C:F3:C8:C5 name=ether1-LINK
set [ find default-name=ether2 ] mac-address=4C:5E:0C:F3:C8:C6 name=ether2-MKAUTH
set [ find default-name=ether3 ] mac-address=4C:5E:0C:F3:C8:C7 name=ether3-LAN-1
set [ find default-name=ether4 ] mac-address=4C:5E:0C:F3:C8:C8 name=ether4-LAN-2
set [ find default-name=ether5 ] mac-address=4C:5E:0C:F3:C8:C9 name=ether5-LAN
set [ find default-name=ether6 ] mac-address=4C:5E:0C:F3:C8:CA
set [ find default-name=ether7 ] mac-address=4C:5E:0C:F3:C8:CB
set [ find default-name=ether8 ] mac-address=4C:5E:0C:F3:C8:CC
set [ find default-name=ether9 ] mac-address=4C:5E:0C:F3:C8:CD
set [ find default-name=ether10 ] mac-address=4C:5E:0C:F3:C8:CE
set [ find default-name=ether11 ] mac-address=4C:5E:0C:F3:C8:CF
set [ find default-name=ether12 ] mac-address=4C:5E:0C:F3:C8:D0
set [ find default-name=ether13 ] mac-address=4C:5E:0C:F3:C8:D1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=Local-1 ranges=20.1.0.2-20.1.0.254
add name=Remoto-1 ranges=20.0.0.1-20.0.0.254
add name=pgcorte ranges=10.3.0.1-10.3.0.254
add name=Local-2 ranges=30.1.0.2-30.1.0.254
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,200.175.182.139 local-address=20.0.0.1 name=PPOE remote-address=Remoto-1 use-compression=no use-encryption=no use-mpls=no \
use-upnp=yes
add change-tcp-mss=yes dns-server=200.175.182.139,8.8.8.8 local-address=30.0.0.1 name=PPOE2 remote-address=Local-2 use-compression=no use-encryption=no use-mpls=no \
use-upnp=yes
/snmp community
set [ find default=yes ] addresses=172.31.255.2/32
/interface bridge port
add bridge=bridge1 interface=ether1-LINK
add bridge=bridge1 interface=ether3-LAN-1
/interface pppoe-server server
add authentication=chap default-profile=PPOE disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=servidor-ppoe-1
add authentication=chap default-profile=PPOE disabled=no interface=ether4-LAN-2 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=servidor-ppoe-2
/ip address
add address=172.31.255.1/16 interface=ether2-MKAUTH network=172.31.0.0
add address=192.168.25.200/24 interface=ether1-LINK network=192.168.25.0
add address=192.168.4.1/24 interface=ether3-LAN-1 network=192.168.4.0
/ip cloud
set update-time=no
/ip dns
set max-udp-packet-size=512 servers=200.175.182.139,200.175.5.139,8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.2.5.254 comment=ssh_corte_roteadorcentral list=pgcorte
add address=201.77.202.128/27 list=FERRAGISTA
add address=186.251.26.128/26 list=FERRAGISTA
add address=200.219.234.34 list=FERRAGISTA
add address=200.250.108.102 list=FERRAGISTA
/ip firewall filter
add action=accept chain=forward
add action=drop chain=forward comment=CORTE dst-port=!53 protocol=udp src-address-list=pgcorte
add action=drop chain=forward comment=CORTE dst-port=!80,85,443,445 protocol=tcp src-address-list=pgcorte
add action=drop chain=input comment="CONTRA INVASAO FTP" dst-port=21 protocol=tcp
/ip firewall mangle
add action=change-mss chain=postrouting comment="Altera MSS =======Speedy=======" new-mss=1440 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1441-1500
add action=change-dscp chain=prerouting comment="Zera DSCP 10 =======Speedy=======" disabled=yes dscp=10 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 12 =======Speedy=======" disabled=yes dscp=12 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 16 =======Speedy=======" disabled=yes dscp=16 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 18 =======Speedy=======" disabled=yes dscp=18 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 46 =======Speedy=======" disabled=yes dscp=46 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 56 =======Speedy=======" disabled=yes dscp=56 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 48 =======Speedy=======" disabled=yes dscp=48 in-interface=ether1-LINK new-dscp=0 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=MASCARAMENTO
add action=dst-nat chain=dstnat comment=CORTE_HTTPS dst-address=!172.31.255.2 dst-port=443 protocol=tcp src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=445
add action=dst-nat chain=dstnat comment=CORTE_HTTP dst-address=!172.31.255.2 dst-port=80 protocol=tcp src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
add action=dst-nat chain=dstnat comment="ACESSO REMOTO MKAUTH" dst-port=10000 protocol=tcp to-addresses=172.31.255.2 to-ports=10000
add action=dst-nat chain=dstnat comment="ACESSO REMOTO RADIO GOIANIA" dst-port=9001 protocol=tcp to-addresses=192.168.25.2 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO REMOTO RB CENTRAL" dst-port=9005 protocol=tcp to-addresses=192.168.25.200 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO REMOTO RB CENTRAL" dst-port=9004 protocol=tcp to-addresses=192.168.25.200 to-ports=80
add action=dst-nat chain=dstnat comment="ACESSO RADIO RECEBE GOIANIA" dst-port=9004 protocol=tcp to-addresses=192.168.25.3 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO RADIO MANDA PARA CIDADE" dst-port=9002 protocol=tcp to-addresses=192.168.25.4 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO RADIO RECEBE CIDADE" dst-port=9003 protocol=tcp to-addresses=192.168.25.5 to-ports=8291
/ip route
add distance=2 gateway=192.168.25.1
/ip service
set telnet address=172.31.255.2/32
set ftp address=172.31.255.2/32
set ssh address=172.31.255.2/32
set www-ssl disabled=no
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1-LINK type=external
add interface=ether3-LAN-1 type=internal
add interface=ether4-LAN-2 type=internal
/ppp aaa
set interim-update=4w2d use-radius=yes
/ppp secret
add name=teste password=teste profile=PPOE remote-address=20.0.0.110 service=pppoe
add name=semlimite password=semlimite profile=PPOE remote-address=20.0.0.180 service=pppoe
/radius
add address=172.31.255.2 secret=123456 service=ppp
/radius incoming
set accept=yes
/snmp
set [email protected] enabled=yes location=Brazil
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=ROTEADOR
/system resource irq rps
set ether1-LINK disabled=no
set ether2-MKAUTH disabled=no
set ether3-LAN-1 disabled=no
set ether4-LAN-2 disabled=no
set ether5-LAN disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether8 disabled=no
set ether9 disabled=no
set ether10 disabled=no
set ether11 disabled=no
/system routerboard settings
set protected-routerboot=disabled
/system script
add name=script1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/system scheduler add interval=45m name=ler_dhcp on-event=\":execute\
\_script=ler_dhcp;\"\r\
\n/system script add name=ler_dhcp source=\"#===============================\\r\\\r\
\n \\n:global IPMKAUTH \\\"172.31.255.2\\\"; \\r\\\r\
\n \\n:global KEY \\\"key_api\\\"; \\r\\\r\
\n \\n:global RAMAL \\\"todos\\\";\\r\\\r\
\n \\n:global done \\\"\\\";\\r\\\r\
\n \\n/tool fetch mode=http url=\\\"http://\\\$IPMKAUTH/api/mkt_dhcp.php\\\\\\\?key=\\\$KEY&ramal=\\\$RAMAL\\\" src-path=mkt_dhcp.php dst-path=mkt_dhcp.rsc;\\r\\\r\
\n \\n:set done \\\"true\\\";\\r\\\r\
\n \\n\\r\\\r\
\n \\n:if ( [/file find name=mkt_dhcp.rsc] != \\\"\\\" ) do={\\r\\\r\
\n \\n :log warning \\\"Importando DHCP\\\";\\r\\\r\
\n \\n /import mkt_dhcp.rsc;\\r\\\r\
\n \\n /file remove mkt_dhcp.rsc;\\r\\\r\
\n \\n}\\r\\\r\
\n \\n\""
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool romon port
add
[admin@ROTEADOR] >
Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
faz um port forward em todas as portas para o ip que recebe na maquininha e faz na Rb Central também
Enviado via SM-G530BT usando UnderLinux App
Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
Me explica melhor ai amigo, quer que eu faça um FORWARD no FIREWWAL com ORIGEM do meu roteador do LINK para O IP NO MEU CLIENTE que no caso é o roteador dele que faz a conexao PPOE .... é isso ?
Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
Amigo ja que sua rede é toda cabeada, pode conferir se do ativo até o cliente o cabo nao utrapassa os 100 metros, pois se utrapassar, os pacote pode começar a fragmentar, faça um ping de dentro da RB para o cliente com o peso de 1500 e marque o checkbox para nao fragmentar.
Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
Rsrs ... esse negocio ta virando misterio viu .... meu amigo isso não tem a ver com distancia de cabo por que em Bridgh funciona e eles rodam legal em ppoe tbm .... unica coisa que nao roda é a maquina de cartão ... obrigado
Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
Resolvido amigos, obrigado pela participação, resetei minha RB principal, reconfigurei do zero e vi que era uma porta que estava em uso para outra coisa e que usava para o sistema da CIELO ... valeu !
Re: Não sei liberar ip pra maquina de cartao no mikrotik !!! Me ajude por favor
Citação:
Postado originalmente por
ArthurNet
Resolvido amigos, obrigado pela participação, resetei minha RB principal, reconfigurei do zero e vi que era uma porta que estava em uso para outra coisa e que usava para o sistema da CIELO ... valeu !
Achei que você tinha falado que usava IP público para o cliente...
Enviado via XT1580 usando UnderLinux App