Hirdetés

  2. Fórumok
  3. Hálózat, szolgáltatók
  4. Mikrotik routerek
  • Téma összefoglaló
    Utoljára frissítve: 2025-08-03 17:27

    LOGOUT

    Mikrotik routerekkel foglalkozó téma. Mikrotik router típusok, hardverek, router beállítások, programozás (scriptek írása), frissítés, és minden Mikrotik routerrel kapcsolatos beszélgetés helye.

Új hozzászólás Aktív témák

  • #12615 Core2duo6600 veterán
    Új Válasz #12615
    Új hozzászólás
    Összes hozzászólása itt Válaszok az összes hozzászólására itt Válaszok erre a hozzászólásra
    Privát üzenet küldése

    Core2duo6600

    veterán

    Hello,

    A tűzfalszabályok:

    [admin@MikroTik] /ip firewall filter> print
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; Kicus laptop
    chain=forward action=drop src-address=192.168.2.29 in-interface=bridge-Wifi out-interface=ether10 log=no log-prefix=""
    1 X chain=forward action=drop dst-address=192.168.2.29 in-interface=ether10 out-interface=bridge-Wifi log=no log-prefix=""
    2 X ;;; Kicus telo net tiltas
    chain=forward action=drop src-address=192.168.2.14 in-interface=bridge-Wifi out-interface=ether10 log=no log-prefix=""
    3 X chain=forward action=drop dst-address=192.168.2.14 in-interface=ether10 out-interface=bridge-Wifi log=no log-prefix=""
    4 X ;;; Block Youtube - Apu laptop
    chain=forward action=drop layer7-protocol=Block Youtube src-address=192.168.2.29 in-interface=bridge-Wifi log=no log-prefix=""
    5 X ;;; Block Wifi - Anyu
    chain=forward action=drop src-address=192.168.2.22 in-interface=bridge-Wifi log=no log-prefix=""
    6 X ;;; Block Youtube Wifi
    chain=forward action=drop layer7-protocol=Block Youtube in-interface=bridge-Wifi log=no log-prefix=""
    7 ;;; Drop SMTP KI 25
    chain=forward action=drop protocol=tcp in-interface=bridge-LAN dst-port=25 log=no log-prefix=""
    8 ;;; Drop SMTP KI 25
    chain=forward action=drop protocol=tcp in-interface=bridge-Wifi dst-port=25 log=no log-prefix=""
    9 chain=forward action=accept connection-state="" in-interface=bridge-LAN out-interface=Digi-PPPOE log=no log-prefix=""
    10 chain=input action=accept in-interface=bridge-LAN log=no log-prefix=""
    11 chain=input action=accept connection-state=established,related in-interface=Digi-PPPOE log=no log-prefix=""
    12 ;;; Wifi > nas2
    chain=forward action=accept dst-address=192.168.1.5 in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix=""
    13 ;;; Wifi > nas3
    chain=forward action=accept dst-address=192.168.1.7 in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix=""
    14 ;;; Wifi > NAS
    chain=forward action=accept dst-address=192.168.1.4 in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix=""
    15 ;;; Wifi > Atom
    chain=forward action=accept dst-address=192.168.1.6 in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix=""
    16 ;;; Wifi > i7 860
    chain=forward action=accept dst-address=192.168.1.33 in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix=""
    17 ;;; NAS2 > Wifi
    chain=forward action=accept src-address=192.168.1.5 in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix=""
    18 ;;; NAS3 > Wifi
    chain=forward action=accept src-address=192.168.1.7 in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix=""
    19 ;;; NAS > Wifi
    chain=forward action=accept src-address=192.168.1.4 in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix=""
    20 ;;; Atom > Wifi
    chain=forward action=accept src-address=192.168.1.6 in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix=""
    21 ;;; i7 860 > Wifi
    chain=forward action=accept src-address=192.168.1.33 in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix="860 2 wifi"
    22 ;;; Wifi DNS REQ
    chain=input action=accept protocol=udp in-interface=bridge-Wifi dst-port=53 log=no log-prefix=""
    23 ;;; Wifi -> NET
    chain=forward action=accept protocol=tcp in-interface=bridge-Wifi out-interface=Digi-PPPOE dst-port=80,443,8080,993,587,465,8886 log=no log-prefix=""
    24 ;;; Wifi -> Kozti VPN
    chain=forward action=accept protocol=tcp dst-address=89.135.52.121 in-interface=bridge-Wifi out-interface=Digi-PPPOE dst-port="" log=no log-prefix="kozti"
    25 ;;; Wifi -> NET Minden egy b tilt s
    chain=forward action=drop in-interface=bridge-Wifi out-interface=Digi-PPPOE log=no log-prefix="wifi egyeb"
    26 ;;; Drop DNS From DIGI
    chain=input action=drop protocol=tcp in-interface=Digi-PPPOE dst-port=53 log=no log-prefix=""
    27 ;;; Drop DNS From DIGI
    chain=input action=drop protocol=udp in-interface=Digi-PPPOE dst-port=53 log=no log-prefix=""
    28 ;;; Wifi -> nyomtat
    chain=forward action=accept dst-address=192.168.1.2 in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix=""
    29 ;;; Nyomtat -> Wifi
    chain=forward action=accept src-address=192.168.1.2 in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix=""
    30 ;;; Wifi -> NET ping
    chain=forward action=accept protocol=icmp in-interface=bridge-Wifi out-interface=Digi-PPPOE log=no log-prefix=""
    31 ;;; Wifi in - Winbox
    chain=input action=accept protocol=tcp in-interface=bridge-Wifi dst-port=8291 log=no log-prefix=""
    32 ;;; Wifi in - NTP
    chain=input action=accept protocol=udp in-interface=bridge-Wifi dst-port=123 log=no log-prefix=""
    33 ;;; Wifi in drop
    chain=input action=drop in-interface=bridge-Wifi log=no log-prefix="Wifi input drop"
    34 ;;; Drop invalid from LAN
    chain=forward action=drop connection-state=invalid connection-type="" in-interface=bridge-LAN log=no log-prefix="invalid"
    35 X ;;; L2TP Allow
    chain=input action=accept protocol=udp dst-port=1701,500,4500 log=yes log-prefix="L2TP"
    36 X chain=input action=accept protocol=ipsec-esp log=no log-prefix=""
    37 X chain=forward action=accept src-address=10.10.3.0/24 log=no log-prefix=""
    38 X chain=input action=accept src-address=10.10.3.0/24 log=no log-prefix=""
    39 ;;; Allow SSTP
    chain=input action=accept protocol=tcp dst-port=443 log=no log-prefix=""
    40 chain=forward action=accept src-address=10.10.2.0/24 log=no log-prefix=""
    41 chain=input action=accept src-address=10.10.2.0/24 log=no log-prefix=""
    42 ;;; Drop Digi
    chain=input action=drop in-interface=Digi-PPPOE log=no log-prefix="dorp digi"
    43 ;;; Wifi -> Lan drop
    chain=forward action=drop in-interface=bridge-Wifi out-interface=bridge-LAN log=no log-prefix="wifi -lan "
    44 ;;; LAN -> Wifi drop
    chain=forward action=drop in-interface=bridge-LAN out-interface=bridge-Wifi log=no log-prefix="lan wifi"
    45 ;;; Drop All
    chain=input action=drop log=no log-prefix="Drop All"

    NAT :

    [admin@MikroTik] /ip firewall nat> print
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; LAN
    chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=Digi-PPPOE log=no log-prefix=""
    1 ;;; Wifi
    chain=srcnat action=masquerade src-address=192.168.2.0/24 out-interface=Digi-PPPOE log=no log-prefix=""
    2 ;;; SSTP
    chain=srcnat action=masquerade src-address=10.10.2.0/24 out-interface=Digi-PPPOE log=no log-prefix=""
    3 ;;; L2TP
    chain=srcnat action=masquerade src-address=10.10.3.0/24 out-interface=Digi-PPPOE log=no log-prefix=""
    4 X ;;; Discord > S8
    chain=dstnat action=dst-nat to-addresses=192.168.2.17 to-ports=50000-65535 protocol=udp in-interface=Digi-PPPOE dst-port=50000-65535 log=no log-prefix=""

    A kérdésem, miért nem érem a 192.168.2.25 ös laptopról a 192.168.33 as gépet a lan hálózaton.
    A szabályokat a Atom nevű szabály másolásával hoztam létre, csak az ip címet módosítottam, ill. a kommentet.
    A 192.168.1.6 os címen lévő atom nevű gépet elérem, mint ahogy a nas okat is.
    Igaz ezeknek fix ip címe van.

Új hozzászólás Aktív témák