- Acesso remoto mikrotik
-
Acesso remoto mikrotik
Boa tarde, Tem duas semanas que eu configurei a minha RB para receber dois links com ip público.
Fiz isso para redirecionar tais clientes para sair por um determinado link.
Após fazer essa configuração perdi o acesso externo da minha RB.
Alguém pode me orientar o que devo fazer para continuar acessando a minha RB pelo ip público?
Obrigado!!
-
Re: Acesso remoto mikrotik
Ma era pra ter perdido o acesso, posta a regra pra ver.
-
Re: Acesso remoto mikrotik
Deixa o link que tem ip publico como gateway padrão, e acesse por ele.
-
Re: Acesso remoto mikrotik
Se você ainda consegue pingar o IP, tente conectar via RoMON, se ele estiver ativado. Uma forma de fazer o pessoal sair por links diferentes é, em vez de setar o IP do gateway, setar a porta. Mas, se você fechou totalmente o acesso externo, aí só o RoMON mesmo para lhe ajudar. Veja se pelo menos a porta padrão 8291 está aberta no IP que você está colocando.
-
Re: Acesso remoto mikrotik
Boa noite, eu só tenho acesso a minha rb quando estou dentro da minha rede.
Segue as minhas configurações:
#
# RouterOS configuration export, as posted in the thread.
# NOTE(review): the serial number below was published together with the
# rest of the export; device identifiers and secrets are normally redacted
# before a configuration is shared publicly.
# model = 1100AHx2
# serial number = 47B90278B7B6
# One bridge; the access ports are attached to it in "/interface bridge port".
/interface bridge
add name=bridge1
# Port labels. Per the comments, ether9 ("ENTRADA LINK WL") and ether12
# ("LINK_SE") are the two uplinks; the remaining ports face panels/clients.
/interface ethernet
set [ find default-name=ether1 ] comment="PAINEL_CFB_5 =======================\
==========================================================================\
==================="
set [ find default-name=ether2 ] comment="CASA ===============================\
==========================================================================\
=================="
set [ find default-name=ether3 ] comment="PAINEL_CFB_3 =======================\
==========================================================================\
==================="
set [ find default-name=ether4 ] comment="\\\\\\\\\\\\Rede Cabeada ===========\
==========================================================================\
================================="
set [ find default-name=ether5 ] comment=" RB2011=============================\
==========================================================================\
========================================================" speed=10Mbps
set [ find default-name=ether6 ] comment="PAINEL_CFB_1 =======================\
==========================================================================\
==========================" disabled=yes
set [ find default-name=ether7 ] comment="PAINEL_CFB_6 =======================\
==========================================================================\
================="
set [ find default-name=ether8 ] comment="PTP_ANDRE ==========================\
==========================================================================\
=================="
# ether9 and ether10 are renamed to names that end in a space ("ether9 ",
# "ether10 "). Every later reference has to quote the name including that
# space, otherwise the rule will not match the interface.
set [ find default-name=ether9 ] comment="ENTRADA LINK WL =================\
==========================================================================\
==================" name="ether9 "
set [ find default-name=ether10 ] comment=" " disabled=yes name="ether10 "
set [ find default-name=ether11 ] comment="REDE SV ==============\
==========================================================================\
===================="
set [ find default-name=ether12 ] comment="LINK_SE ========================\
==========================================================================\
==============="
set [ find default-name=ether13 ] disabled=yes loop-protect=off
# VLAN 200 on ether13; both the VLAN and its parent port are disabled.
/interface vlan
add disabled=yes interface=ether13 loop-protect=off name=vlan1 vlan-id=200
# Neighbor discovery is switched off for vlan1 only. No setting is shown for
# the uplink ports, so they are presumably at their default -- TODO confirm
# that discovery is not answering on "ether9 " / ether12.
/ip neighbor discovery
set vlan1 discover=no
# The default IPsec proposal is restricted to 3DES, a legacy cipher.
# NOTE(review): prefer an AES-based proposal if the remote peers support it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# Address pool handed to PPPoE subscribers.
/ip pool
add name=POOL_PPPOE ranges=172.255.0.2-172.255.0.254
# Subscriber plans. Each profile takes its remote address from POOL_PPPOE.
# Where "address-list=" is set, the session's address is also placed in that
# list: LINK_WL / LINK_SE are matched by the mangle rules to pick the uplink,
# and "pendencia" is matched by the dst-nat rules in "/ip firewall nat".
# rate-limit follows the RouterOS order: rx/tx rate, burst rate,
# burst threshold, burst time, priority, minimum rate.
/ppp profile
set *0 change-tcp-mss=default
add change-tcp-mss=yes local-address=172.255.0.1 name=PPPOE_cliente_ip \
only-one=yes remote-address=POOL_PPPOE use-compression=no use-encryption=\
yes use-mpls=no use-upnp=no
add address-list=pendencia name="10 megas 80.pendencia" rate-limit=\
"10000k/10000k 10000k/10000k 1000k/1000k 1000/1000 8 1000k/1000k" \
remote-address=POOL_PPPOE
add name="20 megas" rate-limit=10000k/20000k remote-address=POOL_PPPOE
add address-list=pendencia name="20 megas.pendencia" rate-limit=1000k/100k \
remote-address=POOL_PPPOE
add address-list=pendencia name="10 Megas 70.pendencia" rate-limit=\
"100k/100k 100k/100k 100k/100k 60/60 8 10k/10k" remote-address=POOL_PPPOE
add address-list=LINK_WL name="15 megas burst(WL)" rate-limit=\
"15000k/15000k 15000k/15000k 15000k/15000k 100/100 5 10000k/10000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name="15 megas.pendencia" rate-limit=\
"1000k/1000k 1000k/1000k 10k/10k 10/10 5 10k/10k" remote-address=\
POOL_PPPOE
add name=Inadimplentes only-one=yes rate-limit=1k/1k remote-address=\
POOL_PPPOE
add address-list=LINK_WL name="20 MEGA burst(WL)" rate-limit=\
"10000k/10000k 10000k/20000k 5000k/15000k 24/24 8 1000k/5000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name="20 MEGA burst.pendencia" rate-limit=\
"50k/50k 50k/50k 50k/50k 24/24 8 50k/50k" remote-address=POOL_PPPOE
add address-list=LINK_WL change-tcp-mss=yes name="10 MEGA burst(WL)" \
only-one=yes rate-limit=\
"3000k/5000k 10000k/10000k 4000k/6000k 24/24 8 1000k/2000k" \
remote-address=POOL_PPPOE use-compression=no use-encryption=yes use-mpls=\
no use-upnp=no
add address-list=pendencia name="10 MEGA burst.pendencia" rate-limit=\
"50k/50k 50k/50k 50k/50k 24/24 8 50k/50k" remote-address=POOL_PPPOE
add address-list=LINK_SE change-tcp-mss=yes name="10 MEGA burst(SE)" \
rate-limit="3000k/5000k 10000k/10000k 4000k/6000k 24/24 8 1000k/2000k" \
remote-address=POOL_PPPOE use-compression=no use-encryption=yes use-mpls=\
no use-upnp=no
add address-list=LINK_SE name="15 megas burst(SE)" rate-limit=\
"15000k/15000k 15000k/15000k 15000k/15000k 100/100 5 10000k/10000k" \
remote-address=POOL_PPPOE
add address-list=LINK_SE name="20 MEGA burst(SE)" rate-limit=\
"10000k/10000k 10000k/20000k 5000k/15000k 24/24 8 1000k/5000k" \
remote-address=POOL_PPPOE
add address-list=LINK_SE change-tcp-mss=yes name="PLANO_ADMINISTRADOR(SE)" \
only-one=yes remote-address=POOL_PPPOE use-compression=no use-encryption=\
yes use-mpls=no use-upnp=no
# The "(WL).pendencia" / "(SE).pendencia" profiles below keep the same
# rate-limit as the regular plan of the same name; only the address-list
# changes, so the restriction comes from the NAT redirect, not from shaping.
add address-list=pendencia name="15 megas burst(WL).pendencia" rate-limit=\
"15000k/15000k 15000k/15000k 15000k/15000k 100/100 5 10000k/10000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name=Inadimplentes.pendencia rate-limit=1k/1k \
remote-address=POOL_PPPOE
add address-list=pendencia name="20 MEGA burst(WL).pendencia" rate-limit=\
"10000k/10000k 10000k/20000k 5000k/15000k 24/24 8 1000k/5000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name="10 MEGA burst(WL).pendencia" rate-limit=\
"3000k/5000k 10000k/10000k 4000k/6000k 24/24 8 1000k/2000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name="10 MEGA burst(SE).pendencia" rate-limit=\
"3000k/5000k 10000k/10000k 4000k/6000k 24/24 8 1000k/2000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name="15 megas burst(SE).pendencia" rate-limit=\
"15000k/15000k 15000k/15000k 15000k/15000k 100/100 5 10000k/10000k" \
remote-address=POOL_PPPOE
add address-list=pendencia name="20 MEGA burst(SE).pendencia" rate-limit=\
"10000k/10000k 10000k/20000k 5000k/15000k 24/24 8 1000k/5000k" \
remote-address=POOL_PPPOE
# Outbound PPTP tunnel to 52.67.11.77 (named Mikweb2, user CFB).
# NOTE(review): the password value was posted with the export and should be
# treated as disclosed -- rotate it with the service provider. PPTP is a
# legacy tunnel; the profile "Mikweb" it references is not defined in the
# part of the export shown here.
/interface pptp-client
add connect-to=52.67.11.77 disabled=no name=Mikweb2 password=\
3e67684e2debc9807c0c41da3451afbb65a3fe69 profile=Mikweb user=CFB
# The default SNMP community accepts requests from any source address
# (0.0.0.0/0) and has write access. The /snmp section later in this export
# enables the SNMP service, and the filter rules shown do not block it.
# NOTE(review): remove write access, restrict "addresses" to the monitoring
# host, and replace the default community name (not shown here).
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 write-access=yes
# Logging targets: smaller memory/disk buffers, plus a remote syslog target
# "Mikweb" at 177.71.255.13 port 10500, sent from source 10.245.106.187.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
add name=Mikweb remote=177.71.255.13 remote-port=10500 src-address=\
10.245.106.187 target=remote
# Members of bridge1. The uplinks ("ether9 " and ether12) are not bridged.
# ether6 and "ether10 " are members although both ports are disabled.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface="ether10 "
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
# L2TP server with IPsec. The pre-shared secret is three characters long and
# was posted with the export.
# NOTE(review): replace it with a long random secret, or disable the server
# if remote-access VPN is not in use.
/interface l2tp-server server
set enabled=yes ipsec-secret=rar use-ipsec=yes
# PPPoE concentrator for subscribers on bridge1 (PAP/CHAP, MTU/MRU 1480).
/interface pppoe-server server
add authentication=pap,chap default-profile=PPPOE_cliente_ip disabled=no \
interface=bridge1 max-mru=1480 max-mtu=1480 one-session-per-host=yes \
service-name=service11
# PPTP server enabled with every authentication method, including PAP
# (credentials sent in clear) and MS-CHAPv1.
# NOTE(review): the input-chain filter rules in this export do not restrict
# the PPTP, L2TP or SSTP listeners, so they appear reachable on both public
# links. Disable the servers that are not needed and limit the rest by
# source address.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
# SSTP server enabled, using the built-in default-encryption profile.
/interface sstp-server server
set default-profile=default-encryption enabled=yes
# Public addresses of the two uplinks: a /29 on "ether9 " and a /30 on
# ether12. No address for bridge1 appears in this section.
/ip address
add address=45.70.164.162/29 interface="ether9 " network=45.70.164.160
add address=170.84.51.250/30 interface=ether12 network=170.84.51.248
# MikroTik cloud DDNS is enabled (the router registers its public address).
/ip cloud
set ddns-enabled=yes
# Upstream resolvers for the router itself.
/ip dns
set servers=8.8.8.8,1.1.1.1
# Static name "router" -> 192.168.88.1. That address is not assigned to any
# interface in this export -- presumably a leftover of the default
# configuration; TODO confirm.
/ip dns static
add address=192.168.88.1 name=router
# Address lists used by the firewall. "PPPoE" covers the subscriber pool.
# "MikWeb" is the source list accepted by the first dstnat rule.
# NOTE(review): several MikWeb entries are whole /16 and /17 blocks, far more
# than a single provider host; narrow them to the addresses the billing
# service actually uses, if those are known.
/ip firewall address-list
add address=172.255.0.2-172.255.0.254 comment=PPPoEClientes list=PPPoE
add address=177.71.0.0/16 list=MikWeb
add address=54.231.18.0/23 list=MikWeb
add address=54.231.0.0/17 list=MikWeb
add address=54.233.128.0/17 list=MikWeb
add address=52.67.0.0/16 list=MikWeb
add address=205.251.0.0/16 list=MikWeb
add address=18.231.24.244 list=MikWeb
# Filter rules. Everything below is a targeted drop; the export contains no
# accept rules and no final "drop everything else" rule on the input chain.
# NOTE(review): all input rules match in-interface="ether9 " only, so the
# second public link (ether12) is not filtered at all, and on "ether9 " only
# UDP 53 and TCP 21/22/23 are closed. Management and proxy services enabled
# elsewhere in this export (Winbox, API, SNMP, SOCKS, the VPN servers) stay
# reachable from the Internet. A safer layout is: accept established/related,
# accept management from a short list of trusted sources, drop the rest of
# the input chain on both uplinks.
/ip firewall filter
# Drop new inbound DNS queries over UDP from the WL uplink (TCP 53 is not
# covered by these two rules).
add action=drop chain=input comment="Bloqueio acesso externo DNS" \
connection-state=new dst-port=53 in-interface="ether9 " protocol=udp
add action=drop chain=forward connection-state=new dst-port=53 in-interface=\
"ether9 " protocol=udp
# Drop FTP (21), Telnet (23) and SSH (22) arriving on the WL uplink.
add action=drop chain=input comment=\
"Bloqueio da porta(21 22 23 )externa FTP ,SSH ,TELNET" dst-port=21 \
in-interface="ether9 " protocol=tcp
add action=drop chain=input comment=\
"Bloqueio da porta(21 22 23 )externa FTP ,SSH ,TELNET" dst-port=23 \
in-interface="ether9 " protocol=tcp
add action=drop chain=input comment=\
"Bloqueio da porta(21 22 23 )externa FTP ,SSH ,TELNET" dst-port=22 \
in-interface="ether9 " protocol=tcp
# Forwarded traffic from four specific /24 source ranges is dropped.
add action=drop chain=forward comment="Bloqueio Range" src-address=\
179.124.0.0/24
add action=drop chain=forward comment="Bloqueio Range" src-address=\
186.214.0.0/24
add action=drop chain=forward comment="Bloqueio Range" src-address=\
115.248.0.0/24
add action=drop chain=forward comment="Bloqueio Range" src-address=\
41.79.0.0/24
# Policy routing: subscribers in address list LINK_WL / LINK_SE get the
# routing mark of the same name for traffic not addressed to the router.
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=LINK_WL passthrough=no src-address-list=LINK_WL
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=LINK_SE passthrough=no src-address-list=LINK_SE
# NOTE(review): the next rule is cut off in the post -- it ends in
# "comment=\" and the continuation is missing, so its remaining parameters
# are unknown and the line would not import as written.
add action=mark-connection chain=prerouting comment=\
/ip firewall nat
# Source NAT out of each uplink.
add action=masquerade chain=srcnat comment="MASCARAMENTO CENTRAL DA REDE" \
out-interface="ether9 "
add action=masquerade chain=srcnat comment="MASCARAMENTO CENTRAL DA REDE" \
out-interface=ether12
# Traffic from the MikWeb list skips the redirects below.
add action=accept chain=dstnat comment="Accept MikWeb" src-address-list=\
MikWeb
# Subscribers in list "bloqueio" / "pendencia" are redirected to
# 177.71.255.13 on ports 3868 / 3867 (UDP except DNS, and all TCP), unless
# the destination is already in the MikWeb list.
add action=dst-nat chain=dstnat comment=Bloqueio-UDP dst-address-list=!MikWeb \
dst-port=!53 protocol=udp src-address-list=bloqueio to-addresses=\
177.71.255.13 to-ports=3868
add action=dst-nat chain=dstnat comment=Bloqueio-TCP dst-address-list=!MikWeb \
protocol=tcp src-address-list=bloqueio to-addresses=177.71.255.13 \
to-ports=3868
add action=dst-nat chain=dstnat comment=Pendencia-UDP dst-address-list=\
!MikWeb dst-port=!53 protocol=udp src-address-list=pendencia \
to-addresses=177.71.255.13 to-ports=3867
add action=dst-nat chain=dstnat comment=Pendencia-TCP dst-address-list=\
!MikWeb protocol=tcp src-address-list=pendencia to-addresses=\
177.71.255.13 to-ports=3867
# Catch-all masquerade, currently disabled.
add action=masquerade chain=srcnat disabled=yes
# Both default routes carry a routing-mark, so they belong to the LINK_WL and
# LINK_SE tables. The export shows no unmarked default route: the only
# main-table entry is the /32 towards 52.67.11.77. Traffic originated by the
# router itself (for example replies to a management session coming from the
# Internet) would then have no default route, which is consistent with the
# loss of external access described in the thread -- TODO confirm with
# "/ip route print".
/ip route
add check-gateway=ping distance=1 gateway=45.70.164.161 routing-mark=LINK_WL
add check-gateway=ping distance=2 gateway=170.84.51.249 routing-mark=LINK_SE
add distance=1 dst-address=52.67.11.77/32 gateway=45.70.164.161
# "address" is the list of sources allowed to use a service; 0.0.0.0/0 means
# any source. Only ftp and api appear here, so the other services are
# presumably at their defaults (enabled, unrestricted) -- TODO confirm.
# NOTE(review): disable the services that are not used and set "address" to
# the management networks for the ones that are.
/ip service
set ftp address=0.0.0.0/0
set api address=0.0.0.0/0
# SOCKS proxy enabled on a non-default port, with no access list shown and no
# filter rule covering the port.
# NOTE(review): an unexpected SOCKS proxy on a router is a commonly reported
# sign of compromise. If the operator did not enable it, disable it and
# audit the device (user accounts, scripts, scheduler jobs, RADIUS entries,
# RouterOS version) before trusting this configuration again.
/ip socks
set enabled=yes port=51372
# PPP authentication and accounting are delegated to RADIUS.
/ppp aaa
set interim-update=1m use-circuit-id-in-nas-port-id=yes use-radius=yes
# Built-in default-encryption profile (the one used by the SSTP server).
# "*2" is an internal id, which an export prints when the referenced item,
# here an address pool, no longer exists.
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=*2
# NOTE(review): the first RADIUS server is disabled; the only active entries
# are two identical ones for 47.75.230.175 with the secret "test". Because
# use-radius=yes, that server decides PPP logins, including those of the
# PPTP/L2TP/SSTP servers. If the operator did not add these entries, remove
# them and treat the router as compromised. All secrets shown here were
# posted publicly and should be rotated.
/radius
add address=177.87.240.34 disabled=yes secret=sagatiba service=ppp timeout=\
1s800ms
add address=47.75.230.175 secret=test service=ppp
add address=47.75.230.175 secret=test service=ppp
# Accept unsolicited RADIUS messages (e.g. disconnect / change-of-authorization).
/radius incoming
set accept=yes
# SNMP service on; see the community settings, which allow writes from any
# source address.
/snmp
set enabled=yes
/system clock
set time-zone-name=America/Fortaleza
/system identity
set name=CFB
# Hotspot/PPP accounting events are sent to the remote "Mikweb" log action.
/system logging
add action=Mikweb prefix="1000 1078-2523" topics=hotspot,account
add action=Mikweb prefix="1001 1078-2523" topics=pppoe,ppp,info,account
/system ntp client
set enabled=yes primary-ntp=200.160.7.186
# Scheduled jobs. All three start at boot and run with a broad policy set
# (including write, policy, password, sniff and sensitive).
/system scheduler
# Every 10 minutes: run script atualizar_ip.
add interval=10m name="Atualizar IP" on-event=atualizar_ip policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
# Every 5 minutes: run script verificar_disponibilidade_mikweb.
add interval=5m name="Verificar Disponibilidade MikWeb" on-event=\
verificar_disponibilidade_mikweb policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
# Every 2 hours: run script "ip". Unlike the two jobs above, this one is
# named "a" and also carries the romon policy.
# NOTE(review): confirm who created this job; see the note on script "ip".
add interval=2h name=a on-event=ip policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
# atualizar_ip (owner mikweb2): fetches a path on ip.mikweb.com.br that ends
# in a long token, over plain HTTP, with dst-path "/". The token travels
# unencrypted and was posted with the export.
add name=atualizar_ip owner=mikweb2 policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/tool f\
etch address="ip.mikweb.com.br" src-path="atualizar_ip_publico/B010AE84\
4D1C9166110CC0A88EB657BD" dst-path=("/") mode=http"
# verificar_disponibilidade_mikweb (owner mikweb): pings 177.71.255.13 twenty
# times. With zero replies it disables the NAT rules that match the
# 'pendencia' and 'bloqueio' lists, so subscribers are not redirected to an
# unreachable server; otherwise it re-enables the disabled ones.
add name=verificar_disponibilidade_mikweb owner=mikweb policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
i [ping 177.71.255.13 count=20];\
\n :if (\$i = 0) \
\n do={ /ip firewall nat disable [find src-address-l\
ist='pendencia'];\
\n /ip firewall nat disable [find src-address-l\
ist='bloqueio']\
\n }else={ /ip firewall nat enable [find src-address-li\
st='pendencia' disabled=yes];\
\n /ip firewall nat enable [find src-address-li\
st='bloqueio' disabled=yes]\
\n };"
# ip (owner admin): requests an "upload" URL on www.boss-ip.com over plain
# HTTP, passing a key and an sncode, and discards the response
# (keep-result=no). The effect is a periodic check-in to that host.
# NOTE(review): nothing else in this export refers to this service. If the
# operator did not install this script and the scheduler job "a" that runs
# it, remove both and treat them as unauthorized changes: audit user
# accounts, change all passwords, and upgrade RouterOS, ideally after
# rebuilding the configuration from a known-good state.
add name=ip owner=admin policy=\
reboot,read,write,policy,test,password,sniff,sensitive source="{/tool fetc\
h url=("http://www.boss-ip.com/Core/Update.ashx\\\?key=5bc24d5c0d21bf27&a\
ction=upload&sncode=8C335918304ACCA25B7AE2B6FC77D74C&dynamic=static") ke\
ep-result=no}"
-
Re: Acesso remoto mikrotik
cfb, eu verifiquei aqui: sua RB acessa normalmente pelo lado externo. Testei aqui e sua RB atualmente, às 9:26, tem 162 PPPoE conectados, com uma média de 140 mb de tráfego; então está funcionando normalmente. Não entendi qual é o seu problema.
-
Re: Acesso remoto mikrotik
Eu consegui resolver o problema!! Eu criei uma rota recursiva apontando para o meu gateway e funcionou.
Obrigado a todos!!
-