Веб-сервер доступен через внешние подключения (проверил ещё раз). Пытался настроить Hairpin NAT (), но это не заработало из внутренней сети. Попробовал правило, найденное здесь: – и оно тоже не работает. Что мне теперь посмотреть или сделать?
Отредактировано: Выгрузка конфигурации
Отредактировано 2: Выгрузка конфигурации
[admin@MikroTik] > export hide-sensitive compact jan/11/2014 13:44:55 by RouterOS 5.26 software id = HFLJ-B1QM
/interface ethernet
set 0 name=sfp1-gateway
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 name=ether10-WAN
/interface bridge
add admin-mac=D4:CA:6D:6F:6D:F3 auto-mac=no name=bridge-local protocol-mode=rstp
add l2mtu=1598 name=FiberOp-bridge protocol-mode=rstp
/interface vlan
add interface=ether10-WAN l2mtu=1594 name=FiberOp-VLAN vlan-id=35
/interface wireless
security-profiles add authentication-types=wpa2-psk eap-methods=passthrough management-protection=allowed mode=dynamic-keys name=THX1138-WPA2 supplicant-identity=“”
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=canada disabled=no distance=indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge security-profile=THX1138-WPA2 ssid=THX1138 wireless-protocol=802.11
/ip pool
add name=InternalPool ranges=192.168.0.105-192.168.0.200
/ip dhcp-server
add add-arp=yes address-pool=InternalPool disabled=no interface=FiberOp-bridge name=FiberOp-DHCP
/interface bridge port
add bridge=FiberOp-bridge interface=ether2
add bridge=FiberOp-bridge interface=ether3
add bridge=FiberOp-bridge interface=ether4
add bridge=FiberOp-bridge interface=ether5
add bridge=FiberOp-bridge interface=ether6-master-local
add bridge=FiberOp-bridge interface=wlan1
/ip address
add address=192.168.0.1/24 interface=FiberOp-bridge
/ip dhcp-client
add disabled=no interface=FiberOp-VLAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add chain=input comment=“Accept Ping” protocol=icmp
add chain=input comment=“Accept Established” connection-state=established
add chain=input comment=“Accept Related” connection-state=related
add action=drop chain=input in-interface=sfp1-gateway
add action=drop chain=input in-interface=FiberOp-VLAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“Hairpin NAT HTTP” dst-address=192.168.0.100 dst-port=80 out-interface=FiberOp-bridge protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=FiberOp-VLAN src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment=“NAT HTTP” dst-port=80 in-interface=FiberOp-VLAN protocol=tcp to-addresses=192.168.0.100 to-ports=80
/ip neighbor
discovery set sfp1-gateway disabled=yes
set ether10-WAN disabled=yes
set wlan1 disabled=yes
set FiberOp-VLAN disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.0.0/24 port=8080
set ssh address=192.168.0.0/24
set winbox address=192.168.0.0/24
/system clock
set time-zone-name=America/Moncton
/system ntp client
set enabled=yes primary-ntp=142.4.200.228 secondary-ntp=198.45.49.187
/system ntp server
set enabled=yes
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool sniffer
set filter-direction=any
Отредактировано: Выгрузка конфигурации
Отредактировано 2: Выгрузка конфигурации
[admin@MikroTik] > export hide-sensitive compact jan/11/2014 13:44:55 by RouterOS 5.26 software id = HFLJ-B1QM
/interface ethernet
set 0 name=sfp1-gateway
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 name=ether10-WAN
/interface bridge
add admin-mac=D4:CA:6D:6F:6D:F3 auto-mac=no name=bridge-local protocol-mode=rstp
add l2mtu=1598 name=FiberOp-bridge protocol-mode=rstp
/interface vlan
add interface=ether10-WAN l2mtu=1594 name=FiberOp-VLAN vlan-id=35
/interface wireless
security-profiles add authentication-types=wpa2-psk eap-methods=passthrough management-protection=allowed mode=dynamic-keys name=THX1138-WPA2 supplicant-identity=“”
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=canada disabled=no distance=indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge security-profile=THX1138-WPA2 ssid=THX1138 wireless-protocol=802.11
/ip pool
add name=InternalPool ranges=192.168.0.105-192.168.0.200
/ip dhcp-server
add add-arp=yes address-pool=InternalPool disabled=no interface=FiberOp-bridge name=FiberOp-DHCP
/interface bridge port
add bridge=FiberOp-bridge interface=ether2
add bridge=FiberOp-bridge interface=ether3
add bridge=FiberOp-bridge interface=ether4
add bridge=FiberOp-bridge interface=ether5
add bridge=FiberOp-bridge interface=ether6-master-local
add bridge=FiberOp-bridge interface=wlan1
/ip address
add address=192.168.0.1/24 interface=FiberOp-bridge
/ip dhcp-client
add disabled=no interface=FiberOp-VLAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add chain=input comment=“Accept Ping” protocol=icmp
add chain=input comment=“Accept Established” connection-state=established
add chain=input comment=“Accept Related” connection-state=related
add action=drop chain=input in-interface=sfp1-gateway
add action=drop chain=input in-interface=FiberOp-VLAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“Hairpin NAT HTTP” dst-address=192.168.0.100 dst-port=80 out-interface=FiberOp-bridge protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=FiberOp-VLAN src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment=“NAT HTTP” dst-port=80 in-interface=FiberOp-VLAN protocol=tcp to-addresses=192.168.0.100 to-ports=80
/ip neighbor
discovery set sfp1-gateway disabled=yes
set ether10-WAN disabled=yes
set wlan1 disabled=yes
set FiberOp-VLAN disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.0.0/24 port=8080
set ssh address=192.168.0.0/24
set winbox address=192.168.0.0/24
/system clock
set time-zone-name=America/Moncton
/system ntp client
set enabled=yes primary-ntp=142.4.200.228 secondary-ntp=198.45.49.187
/system ntp server
set enabled=yes
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool sniffer
set filter-direction=any
