Помогите решить задачу.
Имеется 2 маршрутизатора: mikrotik routerOS и openWRT
mikrotik работает в офисной сети 192.168.0.0/24
openWRT в домашней сети 192.168.1.0/24
Необходимо объединить эти две локальные сети по PPTP туннелю с возможностью общего доступа.
(Оговорка: PPTP с MS-CHAPv2/MPPE криптографически скомпрометирован — перехваченный handshake вскрывается офлайн, и трафик в туннеле нельзя считать защищённым; для межсетевого соединения лучше IPsec или OpenVPN, а в RouterOS 7 и OpenWRT — WireGuard. Схема маршрутизации и правил forward при этом остаётся той же, что описана ниже.)
PPTP сервер поднят на микротике с локальным адресом 176.0.0.1 и удалённым 176.0.0.2. Обратите внимание: 176.0.0.0/8 — публичный, маршрутизируемый в интернете диапазон, а не RFC 1918; адреса туннеля лучше взять из 10.0.0.0/8 или 172.16.0.0/12 (например 10.255.255.1 и 10.255.255.2).
На openWRT создано VPN подключение, находящееся в одной группе (зоне) с WAN (т.е. перед NAT). Следствие: трафик из домашней LAN в туннель маскарадится под 176.0.0.2, а новые соединения из туннеля в сторону LAN по умолчанию отбрасываются политикой зоны wan — для объединения сетей VPN-интерфейс нужно вынести в отдельную зону без masquerade и явно разрешить forwarding между ней и зоной lan в обе стороны.
Туннель работает, и сейчас используется для WOL на домашней машине (т.к. она не имеет белого ip в инете).
Я стучусь на статический адрес микротика извне, пробрасываю порт на туннель, и на домашнем роутере пробрасываю порт на широковещательный адрес. (Замечание: в таком виде это неаутентифицированный «будильник» — любой, кто отправит UDP на порт 40009 публичного адреса микротика, разбудит домашнюю машину; когда туннель заработает в обе стороны, WOL лучше слать изнутри офисной сети через туннель, а проброс снаружи закрыть или хотя бы ограничить по src-address.)
В общем, туннель сейчас работает только в одну сторону.
Но теперь мне надо с помощью этого туннеля объединить сети. Пинг не идёт ни туда, ни сюда.
Я предполагаю, что нужно правильно настроить маршрутизацию. Судя по конфигам ниже, дело не только в ней: (1) на Mikrotik маршрут до 192.168.1.0 выключен и задан как /32 — нужен 192.168.1.0/24 через 176.0.0.2 (или через интерфейс PPTP-VPN); (2) на openWRT нужен обратный статический маршрут 192.168.0.0/24 через pptp-интерфейс; (3) в цепочке forward Mikrotik нет правил, пропускающих новые соединения между BRIDGE и PPTP-VPN — правила 24/25 пускают только в сторону WAN, а правило 26 дропает всё остальное; (4) VPN-интерфейс на openWRT находится в зоне wan, где forward в lan запрещён, а исходящий трафик маскарадится. Без пунктов (3) и (4) одна только маршрутизация пинг не даст.
Настройки Mikrotik
Filter rules: (пока временно все правила выключены — однако в выводе ниже флаг X не стоит ни у одного правила, т.е. либо дамп снят до отключения, либо правила на самом деле активны; в активном виде правило 26 дропает весь новый трафик между LAN и туннелем)
Код:
[root@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
;;; NOTE(review): no rule below carries the X flag, so this dump shows the rule set as active
;;; (the text above says they are "temporarily disabled"). Re-enabled as-is, rule 26 drops every
;;; new LAN<->tunnel connection - see the note at rules 24-26.
0 ;;; drop invalid connections
chain=input action=drop connection-state=invalid log=no log-prefix=""
1 ;;; allow related connections
chain=forward action=accept connection-state=related log=no
log-prefix=""
;;; NOTE(review): tcp/1723 (PPTP control) is accepted from any source on any interface. PPTP's
;;; MS-CHAPv2/MPPE is cryptographically broken (a captured handshake can be cracked offline), so
;;; this is an Internet-facing weak point: restrict src-address to the home side's address if it
;;; is known, or replace PPTP with IPsec/OpenVPN/WireGuard. There is no input rule for
;;; protocol=gre; GRE presumably gets through as "related" (rule 3) via the PPTP conntrack
;;; helper - confirm if the tunnel ever fails to come up.
2 ;;; Allow home WOL
chain=input action=accept protocol=tcp dst-port=1723 log=no
log-prefix=""
3 ;;; allow related connections
chain=input action=accept connection-state=related log=no log-prefix=""
4 ;;; allow established connections
chain=input action=accept connection-state=established log=no
log-prefix=""
;;; NOTE(review): rules 5 and 6 together are NOT "LAN sources from non-WAN interfaces": a packet
;;; with a spoofed src 192.168.0.x arriving on PPPoE-WAN1 fails rule 5 but matches rule 6
;;; (in-interface=!PPPoE-WAN2 is true there), and vice versa. Replace both with one positive rule:
;;; chain=input action=accept src-address=192.168.0.0/24 in-interface=BRIDGE
;;; Also note: home hosts (192.168.1.0/24) talking to the router itself over PPTP-VPN
;;; (e.g. ping 192.168.0.1) fall through to rule 7 and are dropped unless accepted here.
5 chain=input action=accept src-address=192.168.0.0/24
in-interface=!PPPoE-WAN1 log=no log-prefix=""
6 chain=input action=accept src-address=192.168.0.0/24
in-interface=!PPPoE-WAN2 log=no log-prefix=""
7 ;;; drop everything else
chain=input action=drop log=no log-prefix=""
8 ;;; accept everything
chain=output action=accept log=no log-prefix=""
9 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid log=no log-prefix=""
10 ;;; allow already established connections
chain=forward action=accept connection-state=established log=no
log-prefix=""
;;; NOTE(review): the PPTP server terminates on this router (176.0.0.1), so a forward-chain GRE
;;; accept appears unnecessary - it is only needed when PPTP is passed through to an internal host.
11 ;;; Allow GRE
chain=forward action=accept protocol=gre log=no log-prefix=""
;;; NOTE(review): udp/40009 from WAN1 is accepted to ANY destination with no source restriction;
;;; together with dstnat rule 4 this is an unauthenticated "wake the home PC" trigger for the whole
;;; Internet. At minimum add dst-address=176.0.0.2 and a src-address match; once the tunnel is
;;; two-way, send WOL from inside the office LAN over the tunnel and remove this rule.
12 ;;; Allow home WOL
chain=forward action=accept protocol=udp in-interface=PPPoE-WAN1
dst-port=40009 log=no log-prefix=""
13 ;;; Allow WEB server
chain=forward action=accept protocol=tcp dst-port=55083 log=no
log-prefix=""
14 ;;; Allow WEB server
chain=forward action=accept protocol=tcp dst-port=8182 log=no
log-prefix=""
15 chain=forward action=drop src-address=0.0.0.0/8 log=no log-prefix=""
16 chain=forward action=drop dst-address=0.0.0.0/8 log=no log-prefix=""
17 chain=forward action=drop src-address=127.0.0.0/8 log=no log-prefix=""
18 chain=forward action=drop dst-address=127.0.0.0/8 log=no log-prefix=""
19 chain=forward action=drop src-address=224.0.0.0/3 log=no log-prefix=""
20 chain=forward action=drop dst-address=224.0.0.0/3 log=no log-prefix=""
;;; NOTE(review): jumps 21-23 apply to site-to-site traffic too, so the tcp/udp chains below drop
;;; NetBIOS/SMB (137-139, 445) between the two LANs. If "shared access" means Windows file sharing,
;;; limit the jumps to WAN ingress (add in-interface=PPPoE-WAN1 / PPPoE-WAN2 to them) or accept
;;; BRIDGE<->PPTP-VPN traffic before the jumps.
21 chain=forward action=jump jump-target=tcp protocol=tcp log=no
log-prefix=""
22 chain=forward action=jump jump-target=udp protocol=udp log=no
log-prefix=""
23 chain=forward action=jump jump-target=icmp protocol=icmp log=no
log-prefix=""
;;; NOTE(review): missing piece for the site-to-site link - nothing accepts new connections between
;;; BRIDGE and PPTP-VPN: rules 24/25 only accept towards the PPPoE uplinks and rule 26 drops the
;;; rest. Add before rule 26, both directions:
;;; chain=forward action=accept in-interface=BRIDGE out-interface=PPTP-VPN
;;; chain=forward action=accept in-interface=PPTP-VPN out-interface=BRIDGE
;;; (or match src-address=192.168.0.0/24 dst-address=192.168.1.0/24 and the reverse, which also
;;; keeps any other prefix the remote side might route in from crossing the tunnel).
24 ;;; accept from local to internet
chain=forward action=accept in-interface=!PPPoE-WAN1
out-interface=PPPoE-WAN1 log=no log-prefix=""
25 ;;; accept from local to internet
chain=forward action=accept in-interface=!PPPoE-WAN2
out-interface=PPPoE-WAN2 log=no log-prefix=""
26 ;;; drop everything else
chain=forward action=drop log=no log-prefix=""
27 ;;; deny TFTP
chain=tcp action=drop protocol=tcp dst-port=69 log=no log-prefix=""
28 ;;; deny RPC portmapper
chain=tcp action=drop protocol=tcp dst-port=111 log=no log-prefix=""
29 ;;; deny RPC portmapper
chain=tcp action=drop protocol=tcp dst-port=135 log=no log-prefix=""
30 ;;; deny NBT
chain=tcp action=drop protocol=tcp dst-port=137-139 log=no
log-prefix=""
31 ;;; deny cifs
chain=tcp action=drop protocol=tcp dst-port=445 log=no log-prefix=""
32 ;;; deny NFS
chain=tcp action=drop protocol=tcp dst-port=2049 log=no log-prefix=""
33 ;;; deny NetBus
chain=tcp action=drop protocol=tcp dst-port=12345-12346 log=no
log-prefix=""
34 ;;; deny NetBus
chain=tcp action=drop protocol=tcp dst-port=20034 log=no log-prefix=""
35 ;;; deny BackOriffice
chain=tcp action=drop protocol=tcp dst-port=3133 log=no log-prefix=""
;;; NOTE(review): DHCP is UDP (67/68); this TCP rule never matches real DHCP traffic.
36 ;;; deny DHCP
chain=tcp action=drop protocol=tcp dst-port=67-68 log=no log-prefix=""
37 ;;; deny TFTP
chain=udp action=drop protocol=udp dst-port=69 log=no log-prefix=""
38 ;;; deny PRC portmapper
chain=udp action=drop protocol=udp dst-port=111 log=no log-prefix=""
39 ;;; deny PRC portmapper
chain=udp action=drop protocol=udp dst-port=135 log=no log-prefix=""
40 ;;; deny NBT
chain=udp action=drop protocol=udp dst-port=137-139 log=no
log-prefix=""
41 ;;; deny NFS
chain=udp action=drop protocol=udp dst-port=2049 log=no log-prefix=""
42 ;;; deny BackOriffice
chain=udp action=drop protocol=udp dst-port=3133 log=no log-prefix=""
43 ;;; echo reply
chain=icmp action=accept protocol=icmp icmp-options=0:0 log=no
log-prefix=""
44 ;;; net unreachable
chain=icmp action=accept protocol=icmp icmp-options=3:0 log=no
log-prefix=""
45 ;;; host unreachable
chain=icmp action=accept protocol=icmp icmp-options=3:1 log=no
log-prefix=""
46 ;;; host unreachable fragmentation required
chain=icmp action=accept protocol=icmp icmp-options=3:4 log=no
log-prefix=""
47 ;;; allow source quench
chain=icmp action=accept protocol=icmp icmp-options=4:0 log=no
log-prefix=""
48 ;;; allow echo request
chain=icmp action=accept protocol=icmp icmp-options=8:0 log=no
log-prefix=""
49 ;;; allow time exceed
chain=icmp action=accept protocol=icmp icmp-options=11:0 log=no
log-prefix=""
50 ;;; allow parameter bad
chain=icmp action=accept protocol=icmp icmp-options=12:0 log=no
log-prefix=""
51 ;;; deny all other types
chain=icmp action=drop log=no log-prefix=""
;;; NOTE(review): unreachable - rule 26 already drops everything left in chain=forward.
52 ;;; Drop all
chain=forward action=drop log=no log-prefix=""
NAT:
Код:
[root@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
;;; NOTE(review): masquerade is bound to the two PPPoE uplinks only, so traffic into PPTP-VPN keeps
;;; its real 192.168.0.x source - exactly what a site-to-site link needs. Do not add masquerade on
;;; PPTP-VPN; the OpenWRT side must likewise not masquerade into the tunnel.
0 chain=srcnat action=masquerade out-interface=PPPoE-WAN1 log=no
log-prefix=""
1 chain=srcnat action=masquerade out-interface=PPPoE-WAN2 log=no
log-prefix=""
;;; NOTE(review): rules 2-4 use action=netmap for single-address port forwards; action=dst-nat is
;;; the conventional choice (netmap is meant for 1:1 prefix mapping). Equivalent here - style only.
2 chain=dstnat action=netmap to-addresses=192.168.0.42 to-ports=80
protocol=tcp in-interface=PPPoE-WAN1 dst-port=55083 log=no
log-prefix=""
3 chain=dstnat action=netmap to-addresses=192.168.0.42 to-ports=8182
protocol=tcp in-interface=PPPoE-WAN1 dst-port=8182 log=no log-prefix=""
;;; NOTE(review): 176.0.0.2 lies in 176.0.0.0/8, publicly routable address space (not RFC 1918); a
;;; real Internet host in that range is shadowed by the tunnel addresses - use 10.x or 172.16-31.x
;;; for the PPTP local/remote addresses. This forward (with filter rule 12) relays any Internet UDP
;;; packet to <public IP>:40009 into the home LAN broadcast, i.e. an unauthenticated WOL trigger;
;;; restrict by src-address, or remove it once WOL can be sent over the two-way tunnel.
4 chain=dstnat action=netmap to-addresses=176.0.0.2 to-ports=40009
protocol=udp in-interface=PPPoE-WAN1 dst-port=40009 log=no
log-prefix=""
Routes:
Код:
[root@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 PPPoE-WAN2 1
1 A S 0.0.0.0/0 PPPoE-WAN1 1
2 ADS 0.0.0.0/0 178.124.193.128 1
3 DS 0.0.0.0/0 82.209.228.128 1
;;; NOTE(review): routes 4-5 reveal the router's public addresses, and the firewall dumps above
;;; list the ports open on them (1723, 55083, 8182, 40009) - redact before posting publicly.
4 ADC 82.209.228.128/32 82.209.228.145 PPPoE-WAN1 0
5 ADC 178.124.193.128/32 178.124.193.165 PPPoE-WAN2 0
6 ADC 192.168.0.0/24 192.168.0.1 BRIDGE 0
;;; NOTE(review): route 7 is the missing piece, twice over: it is disabled (X) and the prefix is
;;; /32, i.e. only the single address 192.168.1.0. It must be 192.168.1.0/24 via 176.0.0.2 (or
;;; gateway=PPTP-VPN) and enabled. The OpenWRT side needs the mirror route 192.168.0.0/24 via its
;;; pptp interface, otherwise home hosts answer office pings via their own WAN default route and
;;; the link stays one-way. Both sides also need the forward/zone rules noted in the filter dump.
7 X S 192.168.1.0/32 176.0.0.2 1
8 ADC 192.168.10.0/24 192.168.10.2 WAN1 0
9 ADC 192.168.20.0/24 192.168.20.2 WAN2 0
[root@MikroTik] >
Interfaces:
Код:
[root@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MA
0 RS LAN3 ether 1500 1598
1 S LAN4 ether 1500 1598
2 S LAN5 ether 1500 1598
3 R WAN1 ether 1500 1600
4 R WAN2 ether 1500 1600
5 RS WLAN wlan 1500 2290
6 R BRIDGE bridge 1500 1598
7 R PPPoE-WAN1 pppoe-out 1480
8 R PPPoE-WAN2 pppoe-out 1480
;;; NOTE(review): PPTP-VPN has no R flag and no MTU here, so the tunnel appears to have been down
;;; when this dump was taken (a static pptp-in binding shows R only while the client is connected).
;;; Check it is up before testing the routes - route 7 via 176.0.0.2 cannot be active otherwise.
9 PPTP-VPN pptp-in
Я обыкновенный юзер, поэтому юзаю winbox/LuCi. Консольку не умею.