Olá amigos da Under Linux, sou novo na área do MK estou com uma dúvida para ligar ele ao IPCop.

Para ligar os dois usei a seguinte configuração:

ip address add address=192.168.0.1 netmask=255.255.0.0 interface=ether1 comment=”IP LAN”
ip address add address=192.168.3.1 netmask=255.255.0.0 interface=ether2 comment="IP Internet"
ip route add dst-address=0.0.0.0/0 gateway=192.168.3.2 scope=255 target-scope=10 comment="MT Gateway IPCop" disabled=no
ip dns set primary-dns=192.168.0.1 secondary-dns=192.168.3.2 allow-remote-requests=yes

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.3.2 to-ports=80 comment="IPCop"
ip firewall nat add chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.2 to-ports=80 comment="Https IPCop"
ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.3.2 to-ports=878
ip firewall nat add chain=dstnat src-address=!192.168.0.0/24 protocol=tcp dst-port=443 action=dst-nat to-addresses=192.168.3.2 to-ports=878
ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=masquerade
ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

ip firewall mangle add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes
ip firewall mangle add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no
ip firewall mangle add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes
ip firewall mangle add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no
ip firewall mangle add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no
ip firewall mangle add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no
ip firewall mangle add chain=forward dst-address=192.168.3.2 action=mark-connection new-connection-mark=ipcop

ip firewall filter add chain=input
dst-port=20,21,22,25,80,88,110,119,137-139,443,445 protocol=tcp src-mac=<mac-address> action=accept

ip firewall filter add chain=input dst-port=993,995,989,990,1723,8080,8291,3128 protocol=tcp src-mac=<mac-address> action=accept

queue simple add name=”IPCop” packet-mark=ipcop-pkt
queue simple add name=”Squid_HIT” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
queue simple add name=”Main_Link” dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=35000/256000 total-queue=default-small
queue simple add name=”Ping_queue” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total=queue=default-small
queue simple add name=”Other_Port” target-adresses=192.168.3.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-smal/default-small limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small
queue simple add name=”Another_Port” target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/256000 total-queue=default-small

—- Mikrotik Configuration Finish —-

src-mac=<mac-address> you can change with src-address-list
Above scripts is mixing have i read, links … i’m forgot … sorry.

Now, you install the IPCop, and configure using the GREEN + RED network configurations.
The GREEN IP means your LAN side, the RED IP means your WAN side (connect to internet / modem )
In this example: Fill-up the GREEN IP with : 192.168.3.2 and RED IP with : 192.168.1.110

Don’t forget to set the Primary and Secondary DNS same with Mikrotik DNS set, that we already mention above in command ip dns set primary-dns=x.x.x.x secondary-dns=y.y.y.y

Tirei essa configuração de:
Mikrotik + IPCop + Juniper Netscreen … go i-net

Então vamos lá:

Configurei tudo depois adicionei hotspot no mk. O hotspot so acessa digitando o ip do mk dai loga normalmente.

O problema que os clientes não acessam internet fica carregando e as paginas não abrem.

consigo acessar normalmente o IPcop e a internet tá funcionando de boa nele.

outra dúvida que tenho é em relação as DNS do ipcop e do MK como que devo configurar.

em geral a rede está assim

Modem roteado:
IP: 10.1.1.1
mask:255.0.0.0

IPCop:

GREEM:
IP 192.168.3.2
Mask 255.255.0.0

RED:
IP 10.1.1.60
mask 255.255.0.0
Gatway 10.1.1.1
dns 10.1.1.1

Mikrotik

ETHER1

IP 192.168.0.1
mask 255.255.0.0

ETHER2

IP 192.168.3.1
mask 255.255.0.0

Gostaria de saber porque os clientes não conseguem acessar internet.

Desde já agradeço a ajuda!!!!