MikroTik RouterOS (часть 5) - [35] :: В помощь системному администратору

Помогите с перенастройкой RB3011
Есть две сети
10.56.1.1/24 - локалка
10.56.3.1/24 - WiFi
Порты 1 - WAN,2 - включен WiFi роутер
3-10 - Локалка.
WiFi роутер временно был воткнут в 6 порт - все работало.
Стала задача разделить сети.
WiFi роутер воткнул во 2 порт, адрес выдался - но теперь проблема - не могу зайти на роутер -403 Forbidden и у мобильников нет интернета
Вот правила

Код:

/ip firewall filter
add action=add-src-to-address-list address-list=ddos-blacklist \
address-list-timeout=30m chain=input comment=\
"DDoS - Limit incoming connections, add IP to Blacklist" \
connection-limit=100,32 in-interface-list=WAN protocol=tcp
add action=tarpit chain=input comment=\
"DDoS - capture and hold connections, try to slow the attacker " \
connection-limit=3,32 protocol=tcp src-address-list=ddos-blacklist
add action=jump chain=forward comment="DDoS - SYN Flood protect" \
connection-state=new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=jump chain=input connection-state=new in-interface-list=WAN \
jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=return chain=SYN-Protect connection-state=new limit=200,5:packet \
protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
tcp-flags=syn
add action=accept chain=input comment=established/related connection-state=\
established,related,untracked
add action=accept chain=forward connection-state=\
established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=accept chain=input comment=L2TP+IPSec dst-port=1701,500,4500 \
in-interface-list=WAN protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=forward ipsec-policy=in,ipsec
add action=accept chain=forward ipsec-policy=out,ipsec
add action=accept chain=forward comment="VPN to Local" in-interface-list=!WAN \
out-interface-list=LAN src-address=10.76.2.0/24
add action=accept chain=input comment=ICMP protocol=icmp
add action=accept chain=input comment=LocalNetwork disabled=yes \
in-interface-list=LAN
add action=accept chain=forward disabled=yes in-interface-list=LAN
add action=fasttrack-connection chain=forward comment="Fasttrack Connection" \
connection-state=established,related
add action=accept chain=input comment="accept to local loopback CAPsMAN" \
disabled=yes dst-address=127.0.0.1
add action=drop chain=input comment="Drop enather" in-interface-list=!LAN \
log=yes log-prefix=drop_input
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface-list=WAN

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
Версия для печати • Подписаться • Добавить в закладки
Страницы: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126