¹ÌÅ©·Îƽ RB4011 °øÀ¯±â - CRS305 ½ºÀ§Ä¡ ÇÏ´Ü¿¡ ¹°¸° NAS Æ÷Æ®Æ÷¿öµù ¾î·Æ±º¿ä.
160;
안녕Ȣ16;세요!
위 그림과 같1060; 설치...사실 선만 연결.104;Ǻ12; 1080;습니다. RB4011과 CRS305lj16; SFP+/196; 연결.104;Ǻ12; 1080;고 CRS305와 나스, 맥0120;니도 SFP+/196; 연결.104;Ǻ12; 1080;습니다.
현1116; 가1109; 시급7176; 해야 할 ,163;1060; 외ǥ12;에서 나스/196; 1217;근Ȣ16;기 위한 포트포워딩1077;니다.160;
1204;에 넷기Ǻ12; R7000 공유기 사용시에lj16; 공유기와 나스가 다1060;/113;트/196; 연결.104;Ǻ12; 1080;Ǻ12;서 포트포워딩에 Ǻ12;/140;움1060; 없었습니다만,160;
0120;크/196;ᔘ1; 설1221;메뉴도 매우 ᆫ1;설고, 또 공유기와 나스 사1060;에 CRS305도 연결.104;Ǻ12; 1080;Ǻ12;서 포트포워딩1012; Ǻ12;디서ǥ12;터 시1089;해야할 1648; DŽ12;감합니다.12640;
1. 포트포워딩 설1221;시. RB4011 공유기 1104;만 아니라 CRS305 스위치도 해1480;야 Ȣ16;lj16;가요?160;
160; 160;RB4011 공유기 설1221;메뉴 Ǻ12;디에서도 나스1032; IP 1452;소나 Mac 1452;소가 보1060;1648; 않아 CRS305에서도 설1221;1012; 해1480;야 Ȣ16;lj16;1648; 1032;문1060; Ǐ17;니다.
2. 예를 들Ǻ12; RB4011 공유기1032; IP가 X.X.X.1, 160; 공유기 Gateway가 X.X.X.2, 160; 160;CRS305가 X.X.X.3, 160; 160;나스가 X.X.X.4 1060;라고 가1221;Ȣ16;면,
160; 160; 설1221;1012; Ǻ12;떻,172; 해1480;야 할까요?
1060; 계통에lj16; 완1204; 초보라 고수님들1032; 귀한 NJ13;변1012; 고대합니다. NJ13;변 0120;리 ƾ18;7176; 감사드립니다.^^
±×³É ¾ÆÀÌÇǸ¸ ºÐ¸®ÇØÁÖ´Â ½ºÀ§Ä¡¶ó¸é »óÀ§ÀÇ ¶ó¿ìÅ͸¦ ¸¸Á®ÁÖ¼¼¾ßµÇ±¸¿ä
4011Àº ´ç¿¬È÷ Æ÷¿öµùÇØÁּžߵDZ¸¿ä~
305´Â Á¦°¡ ±â±â¸¦ À߸ð¸£Áö¸¸ ½ºÀ§Ä¡¸ðµå¶ó°íÇÑ´Ù¸é ¾ÈÇØÁּŵµµÇ±¸¿ä
¶Ç ´Ù½Ã ³»ºÎ¸ÁÀ» ¸¸µå´Â ¼¼ÆÃÀ̶ó¸é À̰͵µ Æ÷¿öµùÇØÁּžߵ˴ϴÙ~
2¹øÀ̶ó°íÇÑ´Ù¸é ¾Æ¸¶µµ 4011 È¥ÀÚ ¶ó¿ìÆÃÀ» ±¸¼ºÇϴ°Ͱ°Àºµ¥ ÀϹÝÀûÀ¸·Î 4011¸¸ ¼¼ÆÃÇØÁֽɵ˴ϴÙ
¹ÌÅ©·ÎƽÀº ¿£ÅÍÇÁ¶óÀÌÁî±Þ Àåºñ·Î ¾ÆÀÌÇÇŸÀÓó·³ ¸¸¸¸ÇÏ°Ô º¸½Ã¸é ¾ÈµÇ´Âµ¥.. (±×·¡µµ ¹ÌÅ©·ÎƽÀº ½¬¿îÆíÀÔ´Ï´Ù.)
³×Æ®¿öÅ© Áö½Äµµ ¾øÀÌ ¹ÌÅ©·ÎƽÀ» ¼ÂÆÃÇÏ´Â°Ç °ÅÀÇ ºÒ°¡´ÉÇÕ´Ï´Ù.
¹ÌÅ©·Îƽ ROS¿¡¼´Â ½ºÀ§Ä¡¸¦ ¶ó¿ìÅÍ·Î »ç¿ëÇÒ ¼ö ÀÖ±ä ÇÏÁö¸¸ º¸ÅëÀº ÀÌ·¸°Ô »ç¿ëÇÏÁö ¾Ê½À´Ï´Ù. (½ºÀ§Ä¡´Â ½ºÀ§Ä¡ÀÏ »Ó..)
µû¶ó¼ ½ºÀ§Ä¡¿¡¼´Â Æ÷Æ®Æ÷¿öµùÀ» ¼³Á¤ÇÒ ¼ö ¾ø½À´Ï´Ù. (ÇÒ ÇÊ¿äµµ ¾ø°í¿ä.)
RB4011¿¡¼¸¸ Æ÷Æ®Æ÷¿öµù ¼³Á¤ÇÏ¸é µË´Ï´Ù.
RB4011¿¡ ³ª½º°¡ ´ÙÀÌ·ºÆ®·Î ¹°¸°°Ô ¾Æ´Ï´Ï ÀÎÅÍÆäÀ̽º ¸®½ºÆ®¿¡ º¸ÀÌÁö ¾Ê´Â°Ç ´ç¿¬ÇÕ´Ï´Ù.
DHCP¸¦ »ç¿ëÇϽô°Š°°À¸´Ï DHCP ¼¹ö¿¡¼ ¾ÆÀÌÇǸ¦ º¸½Ã¸é µË´Ï´Ù.
2¹ø.
Æ÷Æ®Æ÷¿öµùÀº IP Firewall¿¡¼ dst-nat·Î ¼³Á¤ÇÏ½Ã¸é µÇ´Âµ¥,
³»ºÎ¿¡¼ ¿ÜºÎ¾ÆÀÌÇÇ·Î Á¢¼ÓÇÒ ¶§ ÆÐŶÀÌ Æó±âµÇ´Â Çö»óÀ» ¸·À¸·Á¸é
src-natÀ¸·Î Çì¾îÇÉ ¼ÂÆà Ãß°¡ÀûÀ¸·Î ÇØÁà¾ß ÇÕ´Ï´Ù.
NAT ¼ÂÆÃ
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
Æ÷Æ®Æ÷¿öµù
http://www.mikrotik.co.kr/tn/?mod=document&uid=47&page_id=1569
Çì¾îÇÉ
http://www.mikrotik.co.kr/wiki/index.php/%EB%A9%94%EB%89%B4%EC%96%BC:Hairpin_NAT
´Ù¸¥°Ô ±Ã±ÝÇÏ¸é °ø½Ä À§Å° Âü°íÇϼ¼¿ä.
https://wiki.mikrotik.com/wiki/Manual:TOC
¹ÌÅ©·Îƽ¿¡¼ IGMP°¡ ¾ÈµÇ´Â°Ç ¾Æ´Ñµ¥ °øÀθÁ¿¡ ¹°·Á¾ß ¾ÈÁ¤ÀûÀÔ´Ï´Ù.
¸ÕÀú, ºí·Î±× ±Û¿¡¼ ù ¹ø° ¼³Á¤³»¿ëÀº ¾îµð¿¡ ÇÊ¿äÇÑ °ÍÀÎÁö¿ä? WANÀ¸·Î ¼³Á¤ÇÏ¸é ºÓÀº ±Û¾¾·Î ¿¡·¯°¡ ³ª°í Bridge·Î ¼³Á¤Ç϶ó°í ¾È³»¸¦ Çϴµ¥ ¹«¾ùÀÌ ¹®Á¦Àϱî¿ä?
IP>Firewall>NAT> "+"·Î RuleÀ» Ãß°¡ÇÑ´Ù.
1. General TAB, Chain : srcnat, Out.Interface : WAN(Modem°ú ¿¬°áµÈ Æ÷Æ® ÁöÁ¤)
2. Action TAB, Action : masquerade
µÑ°·Î, ¸»¾¸ÇϽŠ³»¿ë´ë·Î ¼³Á¤À» ¸¶ÃÆÁö¸¸ ¿©ÀüÈ÷ Æ÷Æ®Æ÷¿öµùÀº ¾ÈµÇ°í ÀÖ½À´Ï´Ù. Ȥ½Ã ´õ ¼ÕºÁ¾ß ÇÒ °÷Àº ¾øÀ»±î¿ä? ´ä´äÇÑ ¸¶À½¿¡ ¶Ç ºÎŹÀ» µå¸³´Ï´Ù. °¨»çÇÕ´Ï´Ù.^^
Æ÷Æ®Æ÷¿öµù¼³Á¤Àº ºí·Î±× ÇØ´ç±Û ¾Æ·¡ ºÎºÐ¿¡ ³ª¿Í ÀÖ½À´Ï´Ù.
¾Æ ±×¸®°í NAT¼³Á¤¿¡¼ ¾Æ¿ôÀÎÅÍÆäÀ̽º´Â KT ModemÀÌ ¿¬°áµÈ Æ÷Æ®¸¦ ÁöÁ¤ÇØÁּžßÇÕ´Ï´Ù. Àú °°Àº°æ¿ì ºê¸´Áö·Î ¼³Á¤ÇÏ°í À̸§À» WanÀ¸·Î ÇÑ °Í »ÓÀ̰ŵç¿ä. ºê¸´Áö ¼³Á¤À» ¾ÈÇÏ¼Ì´Ù¸é ±×³É ÇØ´ç Æ÷Æ®¸¦ ÁöÁ¤ÇÏ½Ã¸é µË´Ï´Ù.
¾Æ·¡ ÅؽºÆ®´Â ¼³Á¤°ªÀ» ExportÇØ º» °ÍÀÔ´Ï´Ù. Æ÷Æ®Æ÷¿öµùÀº ¸Å¿ì ´Ü¼øÇѵ¥ Ȥ½Ã Æ÷Æ®Æ÷¿öµù ¸»°í ´Ù¸¥ ºÎºÐ¿¡¼ À߸ø ¼³Á¤µÈ °ÍÀº ¾øÀ»±î¿ä?
¿¹¸¦ µé¸é Æ÷Æ®ÀÇ ±ÇÇÑ ¶Ç´Â ¿ëµµ µî¿¡ ÀÖ¾î¼ À߸øÀÌ ÀִٰųªÇÏ´Â...
Âü°í·Î 4011°ú 305´Â SFP+·Î µ¿Ãà ÄÉÀ̺í·Î ¿¬°áµÇ¾î ÀÖ°í, 305 ÇÏ´Ü¿¡ ³ª½º¿Í PC°¡ ¿ª½Ã SFP+ Áöºò ±¤ÄÉÀ̺í·Î ºÙ¾î ÀÖ½À´Ï´Ù.
¾Æ¹«¸® Çصµ ¾ÈµÇ¾î º°ÀǺ° »ý°¢ÀÌ ´Ù µì´Ï´Ù¸¸...
¼³¸¶ 4011ÀÌ °¡Á¤¿ëÀ̶ó Firewall¿¡¼ ¹º°¡ µðÆúÆ®·Î Á¦ÇÑÀ» °É¾î³õ´Â °ÍÀº ¾Æ´Ï°ÚÁö¿ä?
±×¸®°í ¹ÌÅ©·Îƽ ½º¸¶Æ®Æù ¾îÇÿ¡¼ µ¿ÀϸÁ ¿ÍÀÌÆÄÀÌ¿¡ ¿¬°áµÈ »óÅ¿¡¼ °øÀ¯±â(192.168.88.1)¿¡ Á¢±ÙÀÌ °¡´ÉÇѵ¥,
¿ÜºÎ ȸ¼±(LTE)·Î KT °øÀÎIP(¿¹¸¦ µé¸é, 14.42.xxx.xxx)¿¡ Á¢±ÙÇÏ·ÁÇϸé Á¢±ÙÀÌ ¾ÈµÇ°í Àִµ¥, ¹«¾ð°¡ ´Ü¼°¡ µÇÁö ¾ÊÀ»±î¿ä?
µÎ¼¾øÀÌ »ý°¢³ª´Â ´ë·Î Àû½À´Ï´Ù. ÀÌÇظ¦ ºÎŹµå¸³´Ï´Ù. °¨»çÇÕ´Ï´Ù.
# dec/22/2019 23:37:44 by RouterOS 6.46.1
# software id = xxxxxx
#
# model = RB4011iGS+5HacQ2HnD
# serial number = xxxxxxxxx
/interface bridge
add admin-mac=xxxxxxxxxxxx auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="korea republic" disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge secondary-channel=auto \
ssid=JH-Mik5G wireless-protocol=802.11
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="korea republic" disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=JH-Mik2.4G wireless-protocol=\
802.11
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
xxxxxxxxxxxx wpa2-pre-shared-key=xxxxxxxxxxxxxxxx
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
!192.168.88.1 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=Https dst-address=!192.168.88.1 \
dst-address-type=local dst-port=443 protocol=tcp to-addresses=\
192.168.88.249 to-ports=443
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=8080 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=80 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
/system clock
set time-zone-name=Asia/Seoul
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
DHCP Client¿¡ µé¾î°¡¼ ¹ÌÅ©·ÎƽÀÌ ¹ÞÀº ¾ÆÀÌÇÇ°¡ 192.168·Î ½ÃÀÛÇÏ´ÂÁö È®ÀÎÇغ¸¼¼¿ä.
¸Â´Ù¸é KT ¸ðµ©À» ºê¸´Áö¸ðµå·Î ¹Ù²ãº¸¼¼¿ä
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=8080 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=80 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
¿©±â¼ to-ports°¡ µÑ´Ù 80À¸·Î µÇÀִµ¥ ÀüÀÚ¸¦ 8080À¸·Î ¼öÁ¤Çغ¸¼¼¿ä.
(»ç½Ç dst-port¿Í to-ports°¡ °°´Ù¸é to-ports´Â ¾È½áµµ µÇ±ä ÇÕ´Ï´Ù.)