¹ÌÅ©·Îƽ(rb950)¿¡¼­ VPN ¿¬°áÀº µÇ´Âµ¥ °øÀ¯°¡ ¾ÈµÇ³×¿ä.

¹Ú   
   Á¶È¸ 3906   Ãßõ 0    

미크로틱 rb950 사용중입니다.
VPN  세팅을 했더니 VPN연결은 잘되는데 로컬네트웍에 접속이 안됩니다.
파일서버와 다른 몇대 서버가 있어서 테스트해봤는데, 핑, 텔넷, ftp,  파일공유까지 모두 안되네요.
로컬네트웍에 DHCP서버가 따로 돌고있어서 DHCP관련 설정은 제외했습니다.
set arp=proxy-arp  옵션이 있으면 파일공유가 된다고 들었는데, 공유가 안되네요.



# sep/06/2015 06:52:39 by RouterOS 6.11
# software id = 302B-EFZ0
#
/interface bridge
add l2mtu=1598 name=bridge2
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp
/interface wireless
set [ find default-name=wlan1 ] disabled=no l2mtu=2290 mode=ap-bridge ssid=\
    LGTT wireless-protocol=802.11
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys \
    wpa-pre-shared-key=password wpa2-pre-shared-key=password
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=dhcp ranges=192.168.77.1-192.168.77.254
add name=pptp_pool ranges=2.2.2.80-2.2.2.89
/ip dhcp-server
add address-pool=dhcp interface=bridge2 name=dhcp1
/ppp profile
set 0 dns-server=168.126.63.1,168.126.63.2 local-address=211.225.22.22 \
    remote-address=pptp_pool
/interface bridge port
add bridge=bridge2 interface=ether2
add bridge=bridge2 interface=ether3
add bridge=bridge2 interface=ether4
add bridge=bridge2 interface=ether5
add bridge=bridge2 interface=wlan1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
    yes
/ip address
add address=2.2.2.1/24 interface=ether2 network=2.2.2.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=2.2.2.0/24 gateway=2.2.2.1 netmask=24
/ip firewall filter
add action=drop chain=forward src-address=122.225.36.0/24
add action=drop chain=forward dst-address=0.0.0.0 src-address=122.225.36.12
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
/ip service
set telnet disabled=yes
/ip smb shares
add directory=/share1 name=share1
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=bridge2 type=internal
add interface=ether1 type=external
/ppp secret
add name=ys password=password
/system clock
set time-zone-name=Asia/Seoul
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge2 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set <pptp-ys> disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=211.233.40.78
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool traffic-monitor
add interface=bridge2 name=tmon1 threshold=0 trigger=always
add disabled=yes interface=bridge2 name=tmon2 threshold=0 traffic=received \
    trigger=always

ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.
¹Ú°Ç 2015-09
proxy-arp¸¦ bridge2ÂÊÀ¸·Î °É¾îÁÖ¼¼¿ä.
¹Ú 2015-09
´äº¯°¨»çÇÕ´Ï´Ù.
Åð±ÙÇϸé Àû¿ëÇغ¸Áö¿ä.


QnA
Á¦¸ñPage 2752/5680
2015-12   1484423   ¹é¸Þ°¡
2014-05   4947728   Á¤ÀºÁØ1
2017-04   3533   ¹Ú¹®Çü
2018-07   3252   ¿µÄí´Ñ
2013-11   6026   ¹Ú¼º¸¸
2015-03   4651   ´ëÇѹα¹
2022-06   1262   µ¿±¤
2020-12   3854   sffbig
2016-05   4354   ÇູÇϼ¼
2017-04   21926   PiPPuuP
2011-05   9520   ¹Ú³²±Ô
2020-12   2246   »ßµ¹À̽½ÇÄÀÌ
02-21   1107   ¾îÄg
2022-07   1408   ¹Ú¹®Çü
2011-05   13376   ¸¶ÀÌÄÚÄÚ
2015-03   3344   kking
2016-05   5323   MrDM
2017-05   3739   ¹Ð¿ì
2020-12   5099   ¯¯¸Ç
2016-05   8267   ±è°Ç¿ì
2018-08   2885   ¸ÚÁø³²ÀÚ
2021-01   3898   isaiah