Boa tarde pessoal.
tenho uma RB que gerencia 2 locais distintos, porem agora surgiu a necessidade da rede 1 acessar um ip da rede 2.
Porem o ip da rede 1 é 10.20.0.0/24 e da rede 2 é 192.168.1.0/24.
Gostaria de saber se é possível a comunicação entre elas pois faremos o compartilhamento de algumas coisas.
-
08-08-2018, 16:04 #1
- Ingresso
- Dec 2016
- Posts
- 22
Acessar classes de ips diferentes
-
08-08-2018, 23:32 #2
- Ingresso
- Apr 2011
- Posts
- 32
Re: Acessar classes de ips diferentes
na rb 1 adicione a regra
/ip route add dst-address=192.168.1.0/24 gateway=(ip da rb 2)
e na rb 2 adicione essa regra
/ip route add dst-address=10.20.0.0/24 gateway=(ip da rb 1)
ja é para uma rede pingar a outra
-
09-08-2018, 05:44 #3
- Ingresso
- Aug 2011
- Localização
- LinoX Informática
- Posts
- 223
Re: Acessar classes de ips diferentes
(ele tem 1 rb que gerencia duas redes) acredito que não precise fazer nada as duas redes estão no mesmo gateway.
Postado originalmente por baixinho930
-
09-08-2018, 09:48 #4
- Ingresso
- Dec 2016
- Posts
- 22
Re: Acessar classes de ips diferentes
Bom dia amigo, acabo de fazer a configuração mas infelizmente continua com o problema. Postado originalmente por baixinho930
-
09-08-2018, 09:58 #5
- Ingresso
- Nov 2016
- Posts
- 1.432
Re: Acessar classes de ips diferentes
Se a RB é gateway dos dois lados, é só não ter nat em nenhum dos dois que ela vai fazer o meio de campo.
-
09-08-2018, 12:10 #6
- Ingresso
- Apr 2011
- Posts
- 32
Re: Acessar classes de ips diferentes
Essa rede esta sendo fechada por uma VPN, envie mais informações de como esta ligado.
-
10-08-2018, 12:43 #7
- Ingresso
- Dec 2016
- Posts
- 22
Re: Acessar classes de ips diferentes
Esta tudo na mesma RB. Lan1: 10.20.0..0 e Lan2 192.168.1.1 o engraçado é que tenho uma maquina que esta com um ip fora do pool e ela conecta normalmente (ping, acesso pelo navegador) mas só por essa maquina que esta fora do pool. Postado originalmente por baixinho930
As maquinas que estão dentro do pool 10.20.0. não acessam a rede 192.168
-
10-08-2018, 12:45 #8
- Ingresso
- Dec 2016
- Posts
- 22
Re: Acessar classes de ips diferentes
Pesei isso tbm, mas não funcionou. Postado originalmente por fhayashi
-
12-08-2018, 01:08 #9
- Ingresso
- Apr 2011
- Posts
- 32
Re: Acessar classes de ips diferentes
.Se esta tudo na mesma rb esquece a regra que te enviei, você colocando gateway nos equipamentos que estao na rede 10.20.0.0/24 e 192.168.1.0/24, voce vai ter acesso normalmente se estiver tanto na rede 1 como na rede 2
Ex: Pc1 ip - 10.20.0.2
gateway- 10.0.20.1
Pc2 ip - 192.168.100.2
gateway- 192.168.100.1
Se voce tiver um pc3 com o ip 192.168.100.100/24 com gateway 192.168.100.1, voce vai ter ping no pc1 e no pc2 normalmente, se caso esse mesmo pc3 estiver com um ip 10.20.0.100/24 com gateway 10.20.0.1, vai continuar pingando o pc1 e pc2
-
14-08-2018, 09:07 #10
- Ingresso
- Dec 2016
- Posts
- 22
Re: Acessar classes de ips diferentes
Imaginei que fosse funcionar de primeira tbm, mas por algum motivo não acessa. Postado originalmente por baixinho930
-
15-08-2018, 11:33 #11
- Ingresso
- Apr 2011
- Posts
- 32
Re: Acessar classes de ips diferentes
Envie a configuração da rb para dar uma olhada.
-
17-08-2018, 12:36 #12
- Ingresso
- Dec 2016
- Posts
- 22
Segue: Postado originalmente por baixinho930
# aug/17/2018 12:25:26 by RouterOS 6.42.6
# software id = FRYX-W7PM
#
# model = RouterBOARD 3011UiAS
# serial number = 719F068953D9
/interface bridge
add fast-forward=no name="bridge1 - APs"
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - Cabo DHCP Cliente"
set [ find default-name=ether2 ] name="ether2 - AP4 - 4 Andar"
set [ find default-name=ether3 ] name="ether3 - AP1"
set [ find default-name=ether4 ] name="ether4 - AP2"
set [ find default-name=ether5 ] name="ether5 - AP3"
set [ find default-name=ether6 ] name="ether6 - LAN"
set [ find default-name=ether8 ] name="ether8 - 4\BA Andar"
set [ find default-name=ether9 ] name="ether9 - GP"
set [ find default-name=ether10 ] name="ether10 - Mundivox"
/interface vlan
add interface="bridge1 - APs" name="vlan1 - Wappa" vlan-id=10
add interface="bridge1 - APs" name="vlan2 - Wappa-BYOD" vlan-id=11
add interface="bridge1 - APs" name="vlan3 - Wappa-Visitante" vlan-id=12
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MK_WappaVO
/ip firewall layer7-protocol
add name=Torrent regexp=utorrent.com
add comment="Bloqueio Torrent" name=L7-Torrent regexp="^(\\x13bittorrent proto\
col|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get \
/client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=thepiratebay regexp=thepiratebay
/ip pool
add name="dhcp_pool1 - LAN" ranges=10.20.0.30-10.20.0.254
add name="dhcp_pool2 - Wappa" ranges=10.10.10.2-10.10.10.254
add name="dhcp_pool3 - WappaByod" ranges=10.10.11.2-10.10.11.254
add name="dhcp_pool4 - Visitante" ranges=192.168.12.2-192.168.12.254
add name="dhcp_pool6 - 4\BA Andar" ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool="dhcp_pool1 - LAN" authoritative=after-2sec-delay disabled=\
no interface="ether6 - LAN" lease-time=7h10m name=dhcp1
add address-pool="dhcp_pool2 - Wappa" authoritative=after-2sec-delay \
disabled=no interface="vlan1 - Wappa" name=dhcp2
add address-pool="dhcp_pool3 - WappaByod" authoritative=after-2sec-delay \
disabled=no interface="vlan2 - Wappa-BYOD" name=dhcp3
add address-pool="dhcp_pool4 - Visitante" authoritative=after-2sec-delay \
disabled=no interface="vlan3 - Wappa-Visitante" name=dhcp4
add address-pool="dhcp_pool6 - 4\BA Andar" authoritative=after-2sec-delay \
disabled=no interface="ether8 - 4\BA Andar" lease-time=12h name=dhcp6
/ppp profile
add local-address=10.20.0.1 name=VPN
/queue simple
add disabled=yes limit-at=10M/10M max-limit=10M/10M name=queue1 target=\
"vlan2 - Wappa-BYOD"
add limit-at=5M/5M max-limit=5M/5M name=queue2 target=\
"vlan3 - Wappa-Visitante"
add limit-at=5M/5M max-limit=5M/5M name="queue4 - Cameras" target=\
10.20.0.14/32
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
add name=gestorlog remote=10.20.0.15 target=remote
/interface bridge port
add bridge="bridge1 - APs" hw=no interface="ether3 - AP1"
add bridge="bridge1 - APs" hw=no interface="ether4 - AP2"
add bridge="bridge1 - APs" hw=no interface="ether5 - AP3"
add bridge="bridge1 - APs" hw=no interface="ether2 - AP4 - 4 Andar"
add bridge="bridge1 - APs" hw=no interface="ether1 - Cabo DHCP Cliente"
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=177.194.155.02/30 interface="ether10 - Mundivox" network=\
179.191.107.96
add address=10.20.0.1/24 interface="ether6 - LAN" network=10.20.0.0
add address=10.10.10.1/24 interface="vlan1 - Wappa" network=10.10.10.0
add address=10.10.11.1/24 interface="vlan2 - Wappa-BYOD" network=10.10.11.0
add address=192.168.12.1/24 interface="vlan3 - Wappa-Visitante" network=\
192.168.12.0
add address=182.135.17.15/29 interface="ether9 - GP" network=189.126.197.24
add address=192.168.1.1/24 interface="ether8 - 4\BA Andar" network=\
192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=10.20.0.96 client-id=1:ec:8:6b:c1:be:f mac-address=\
EC:08:6B:C1:BE:0F server=dhcp1
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=10.20.0.7,10.20.0.11 gateway=10.10.10.1
add address=10.10.11.0/24 dns-server=10.20.0.7,10.20.0.11,8.8.8.8 gateway=\
10.10.11.1
add address=10.20.0.0/24 dns-server=10.20.0.7,10.20.0.11 gateway=10.20.0.1
add address=192.168.1.0/24 dns-server=\
179.191.90.20,179.191.80.21,10.20.0.11,10.20.0.7 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=8.8.8.8,10.20.0.11 gateway=192.168.2.1
add address=192.168.12.0/24 dns-server=8.8.8.8,10.20.0.11 gateway=\
192.168.12.1
/ip dns
set allow-remote-requests=yes servers=10.20.0.7,10.20.0.11
/ip firewall filter
add action=accept chain=forward dst-address=192.168.1.5 dst-port="" protocol=\
tcp src-address=0.0.0.0/0 src-port=""
add action=drop chain=forward comment=Drop_torrent layer7-protocol=Torrent
add action=drop chain=forward layer7-protocol=thepiratebay
add action=drop chain=forward layer7-protocol=L7-Torrent
add action=accept chain=forward comment=\
"Acesso a rede 20.0 (AD 1 e 2, Impressora, OCS, TV, Switch e Ponto)" \
dst-address=10.20.0.2 src-address=10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.3 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.4 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.7 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.11 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.112 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.90 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.17 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.15 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.30 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.23 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.15 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=10.20.0.14 src-address=\
10.10.10.0/24
add action=accept chain=forward dst-address=192.168.1.10 src-address=\
10.10.10.0/24
add action=accept chain=forward comment="Acesso ao servidor DNS p/ rede BYOD" \
dst-address=10.20.0.7 src-address=10.10.11.0/24
add action=accept chain=forward dst-address=10.20.0.11 src-address=\
10.10.11.0/24
add action=accept chain=forward comment=\
"Acesso p/ autentica\E7\E3o no hotspot. (Server 07). da rede Visitante" \
dst-address=10.20.0.7 src-address=192.168.12.0/24
add action=accept chain=forward comment=\
"Acesso da rede 4 \BA Andar p/ autentica\E7\E3o no OCS e AD" dst-address=\
10.20.0.23 src-address=192.168.1.0/24
add action=accept chain=forward dst-address=10.20.0.7 src-address=\
192.168.1.0/24
add action=accept chain=forward dst-address=10.20.0.11 src-address=\
192.168.1.0/24
add action=drop chain=forward comment="Drop da rede Wappa p/ outras redes." \
dst-address=10.20.0.0/24 src-address=10.10.10.0/24
add action=drop chain=forward dst-address=10.10.11.0/24 src-address=\
10.10.10.0/24
add action=drop chain=forward dst-address=192.168.12.0/24 src-address=\
10.10.10.0/24
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=\
10.10.10.0/24
add action=drop chain=forward comment="Drop da rede BYOD p/ outras redes." \
dst-address=10.20.0.0/24 src-address=10.10.11.0/24
add action=drop chain=forward dst-address=10.10.10.0/24 src-address=\
10.10.11.0/24
add action=drop chain=forward dst-address=192.168.12.0/24 src-address=\
10.10.11.0/24
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=\
10.10.11.0/24
add action=drop chain=forward comment=\
"Drop de rede Visitante p/ outras redes." dst-address=10.20.0.0/24 \
src-address=192.168.12.0/24
add action=drop chain=forward dst-address=10.10.10.0/24 src-address=\
192.168.12.0/24
add action=drop chain=forward dst-address=10.10.11.0/24 src-address=\
192.168.12.0/24
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=\
192.168.12.0/24
add action=drop chain=forward comment=\
"Drop da rede 4\BA Andar p/ outras redes." dst-address=10.10.10.0/24 \
src-address=192.168.1.0/24
add action=drop chain=forward dst-address=10.10.11.0/24 src-address=\
192.168.1.0/24
add action=drop chain=forward dst-address=10.20.0.0/24 src-address=\
192.168.1.0/24
add action=drop chain=forward dst-address=192.168.12.0/24 src-address=\
192.168.1.0/24
/ip firewall mangle
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-connection chain=prerouting comment="CONTROLE P2P" \
new-connection-mark=conn-p2p p2p=all-p2p passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=\
"Mascaramento (p/ acesso a internet)" out-interface="ether10 - Mundivox"
add action=masquerade chain=srcnat out-interface="ether9 - GP"
add action=dst-nat chain=dstnat comment=\
"Cameras 11\BA andar, acesso externo." dst-port=37777 protocol=tcp \
to-addresses=10.20.0.14 to-ports=37777
add action=dst-nat chain=dstnat dst-port=554 protocol=tcp to-addresses=\
10.20.0.14 to-ports=554
add action=dst-nat chain=dstnat dst-port=9000 protocol=tcp to-addresses=\
10.20.0.14 to-ports=9000
/ip route
add distance=2 gateway=189.126.197.25 routing-mark=Tabela-GP
add distance=1 gateway=179.191.107.97
add distance=2 gateway=189.126.197.25
/ip route rule
add disabled=yes src-address=192.168.12.0/24 table=Tabela-GP
add src-address=10.10.11.0/24 table=Tabela-GP
add src-address=192.168.2.0/24 table=Tabela-GP
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=MK_WappaVO
/system logging
add action=gestorlog prefix=GestorLog topics=account
/system ntp client
set enabled=yes primary-ntp=200.160.7.186 secondary-ntp=201.49.148.135
/system routerboard settings
set silent-boot=no
/system scheduler
add interval=1d name=Backup on-event=Backup policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
mar/28/2017 start-time=10:20:00
add interval=1d name=Log on-event=Log policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
mar/28/2017 start-time=10:20:00
/system script
add name=Backup owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Scrip\
t de Backup\r\
\n\r\
\n/system backup save name=BKPMKT.backup\r\
\n:delay 2s\r\
\n:global data [/system clock get date]\r\
\n:global hora [/system clock get time]\r\
\n/tool e-mail send to="email@email" subject="Mikrotik: B\
ackup Automatico realizado em \$data as \$hora" file="BKPMKT.backup" bo\
dy="Em anexo, arquivo de backup do equipamento RB3011 realizado as \$hora\
\_de \$data.""
add name=Log owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Scrip\
t de Log\r\
\n\r\
\n/log print file=LOGMKT.txt\r\
\n:delay 2s\r\
\n:global data [/system clock get date]\r\
\n:global hora [/system clock get time]\r\
\n/tool e-mail send to="email.@email" subject="Mikrotik: L\
og Automatico realizado em \$data as \$hora" file="LOGMKT.txt" body="E\
m anexo, arquivo de log do equipamento RB3011 realizado realizado as \$hor\
a de \$data.""
/tool e-mail
set address=smtp.gmail.com password=GA2jYFCGx1jj port=587 start-tls=yes user=\
email@email
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
Citação