Quote:
acebzan: LxAxKxI - you really got mixed up with the addresses :)
As Informer wrote, you cannot have x.x.x.87/29 based on what you wrote.
x.x.x.56/29 seems to be your range, but you probably transposed the digits.
Try the following:
1. ping x.x.x.57 (the address that is your gateway) - you should not get a reply from that address.
2. put x.x.x.57/29 on the eth facing you, or on the bridge1 interface that contains your ports (enter the address and click OK; it will calculate the broadcast and network itself).
3. now ping x.x.x.57 again and you should get a reply from that address. If you don't, something is not routed correctly, so contact your provider.
Or run a tracert to x.x.x.57 and see whether it reaches the /30 address you got from the provider at all.
They should have set x.x.x.56/29 to be reachable via y.y.y.54/30.
I've completely lost my mind over this!!
The range is x.x.x.56/29
1. ping x.x.x.57 (the address that is your gateway) - you should not get a reply from that address.
- I can ping that address both from my LAN and from a friend's computer
2. put x.x.x.57/29 on the eth facing you, or on the bridge1 interface that contains your ports (enter the address and click OK; it will calculate the broadcast and network itself).
Now, this is where I may have made a mistake:
Code:
/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 172.16.0.1/20 172.16.0.0 LAN
1 ;;; WAN Internet IP
x.x.151.34/32 x.x.151.33 WAN
2 X 172.16.6.1/24 172.16.6.0 ESXi #3
3 ;;; WAN Public IPs
x.x.139.57/29 x.x.139.56 WAN
4 x.x.139.60/29 x.x.139.56 WAN
5 x.x.139.58/29 x.x.139.56 WAN
Quote:
They should have set x.x.x.56/29 to be reachable via y.y.y.54/30.
At least that's what they tell me has been done.
Quote:
tracert to x.x.x.57 and see whether it reaches the /30 address you got from the provider at all.
When I run tracert from my machine, which is on the LAN:
Code:
C:\Users\laki>tracert x.x.139.57
Tracing route to free-139-57.mediaworksit.net [x.x.139.57]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms free-139-57.mediaworksit.net [x.x.139.57]
Trace complete.
Here is what I have done so far, but I'm still pulling my hair out :-)
Firewall Filter rule
Code:
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=log dst-address=x.x.139.60 log-prefix=""
1 X chain=input action=log protocol=icmp dst-address=x.x.151.34 log-prefix=""
2 ;;; WINBOX LAN
chain=input action=accept protocol=tcp in-interface=LAN dst-port=8291
3 ;;; WINBOX WAN
chain=input action=accept protocol=tcp dst-address=x.x.151.34 in-interface=WAN
dst-port=8291
4 ;;; Remote from x.x.139.60
chain=input action=accept protocol=tcp dst-address=x.x.139.60 in-interface=WAN
dst-port=5666
5 ;;; ESXi #2 - IIS Web
chain=forward action=accept protocol=tcp dst-address=172.16.0.32 dst-port=80
6 ;;; ESXi #2 - IIS Remote
chain=forward action=accept protocol=tcp dst-address=172.16.0.32 dst-port=3389
7 ;;; ESXi #3 - IIS Remote
chain=forward action=accept protocol=tcp dst-address=172.16.6.59 dst-port=3389
8 X ;;; FTP port 20
chain=input action=accept protocol=tcp dst-address=x.x.151.34 dst-port=20
9 X ;;; Allow FTP Control Port
chain=customer action=accept protocol=tcp dst-address=172.16.0.71 dst-port=21
10 X ;;; Allow FTP Transfer Port
chain=forward action=accept protocol=tcp dst-address=172.16.0.59 in-interface=WAN
dst-port=21233
11 X ;;; Allow limited Passive FTP port range
chain=forward action=accept protocol=tcp dst-address=172.16.0.59 in-interface=WAN
dst-port=10500-10510
NAT rule
Code:
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; NAT for the local network
chain=srcnat action=masquerade src-address=172.16.0.0/20 out-interface=WAN
1 ;;; NAT for the local network
chain=srcnat action=src-nat to-addresses=x.x.151.34 src-address=172.16.0.0/20
out-interface=WAN
2 X ;;; NAT for the local network
chain=srcnat action=masquerade src-address=172.16.0.0/20 dst-address=0.0.0.0/0
3 ;;; 1 TO 1 NAT <- this does not work
chain=dstnat action=dst-nat to-addresses=172.16.0.59 to-ports=6112-6119 protocol=tcp
dst-address=x.x.139.60 in-interface=WAN dst-port=6112-6119
4 ;;; 1 TO 1 NAT <- Works
chain=dstnat action=dst-nat to-addresses=172.16.0.59 to-ports=6112-6119 protocol=udp
dst-address=x.x.151.34 in-interface=WAN dst-port=6112-6119
5 ;;; EXSi #2 - IIS Web
chain=dstnat action=dst-nat to-addresses=172.16.0.32 to-ports=80 protocol=tcp
dst-address=x.x.151.34 dst-port=5668
6 ;;; EXSi #2 - IIS Remote Access
chain=dstnat action=dst-nat to-addresses=172.16.0.32 to-ports=3389 protocol=tcp
dst-address=x.x.151.34 in-interface=WAN dst-port=5669
7 ;;; EXSi #3 - Redirect RDP PORT TCP 3389 to.6.59 <- does not work :-(
chain=dstnat action=dst-nat to-addresses=172.16.6.59 to-ports=3389 protocol=tcp
dst-address=x.x.139.60 dst-address-type=local in-interface=WAN dst-port=5666
So tracert from the local network works; I tried
tracert x.x.139.58
tracert x.x.139.60
and for both I get the same result, and on the MikroTik the log rule shows byte and packet values
but when I try the same from outside (RDC to my home computer and from it tracert to x.x.139.58 or .60) I get "Request timed out" ..
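The /29 arithmetic behind the quoted advice (x.x.x.87 cannot sit in x.x.x.56/29, and the router derives network and broadcast on its own), as an added example that is not part of the original posts. The thread masks the leading octets, so 198.51.100.x is a constructed stand-in, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the thread masks the first octets, so the
# documentation range 198.51.100.0/24 is combined with the thread's last octets.
ROUTED_BLOCK = "198.51.100.56/29"
CONFIGURED = [
    "198.51.100.57/29",
    "198.51.100.58/29",
    "198.51.100.60/29",
    "198.51.100.87/29",  # the address the quoted reply says cannot fit
    "198.51.100.56/29",  # network address of the block
    "198.51.100.63/29",  # broadcast address of the block
    "198.51.100.60/32",  # right host, wrong prefix length
]

def block_summary(routed_block=ROUTED_BLOCK):
    """Network, broadcast and usable host range the router would derive."""
    block = ipaddress.ip_network(routed_block, strict=True)
    hosts = list(block.hosts())
    return {
        "network": str(block.network_address),
        "broadcast": str(block.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable": len(hosts),
    }

def classify(entry, routed_block=ROUTED_BLOCK):
    """Say whether one configured address/prefix is valid inside the routed block."""
    block = ipaddress.ip_network(routed_block, strict=True)
    iface = ipaddress.ip_interface(entry)
    if iface.ip not in block:
        return "outside block (belongs to %s)" % iface.network
    if iface.network != block:
        return "inside block, wrong prefix length"
    if iface.ip == block.network_address:
        return "network address, not assignable"
    if iface.ip == block.broadcast_address:
        return "broadcast address, not assignable"
    return "usable"

def audit(configured=CONFIGURED, routed_block=ROUTED_BLOCK):
    """Classify every configured entry, keyed by the entry as written."""
    return {entry: classify(entry, routed_block) for entry in configured}

if __name__ == "__main__":
    print(block_summary())
    for entry, status in audit().items():
        print(entry, "->", status)
```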