미크로틱 rb950 사용중입니다.
VPN 세팅을 했더니 VPN연결은 잘되는데 로컬네트웍에 접속이 안됩니다.
파일서버와 다른 몇대 서버가 있어서 테스트해봤는데, 핑, 텔넷, ftp, 파일공유까지 모두 안되네요.
로컬네트웍에 DHCP서버가 따로 돌고있어서 DHCP관련 설정은 제외했습니다.
set arp=proxy-arp 옵션이 있으면 파일공유가 된다고 들었는데, 공유가 안되네요.
# sep/06/2015 06:52:39 by RouterOS 6.11
# software id = 302B-EFZ0
#
# Bridge for the LAN side; its member ports are added under /interface bridge port.
/interface bridge
add l2mtu=1598 name=bridge2
# NOTE(review): proxy-arp is set on ether1, the interface this export also uses
# for the DHCP client and as the masquerade out-interface (i.e. the uplink).
# The PPTP pool (2.2.2.80-2.2.2.89) sits inside the same /24 as the LAN address
# 2.2.2.1/24, so LAN hosts will ARP for VPN clients on the LAN segment.
# proxy-arp normally has to be on the LAN-facing interface (presumably bridge2)
# for those requests to be answered. This is likely related to the reported
# "VPN connects but LAN is unreachable" symptom; confirm on the device.
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp
# wlan1 is enabled and runs as an access point (mode=ap-bridge).
/interface wireless
set [ find default-name=wlan1 ] disabled=no l2mtu=2290 mode=ap-bridge ssid=\
LGTT wireless-protocol=802.11
# NOTE(review): authentication-types lists only wpa-psk, so the
# wpa2-pre-shared-key below is configured but WPA2 does not appear to be
# offered; prefer wpa2-psk alone. Both keys are the literal string "password".
# If that is the real value rather than a redaction made for the post, replace
# it with a long random passphrase.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys \
wpa-pre-shared-key=password wpa2-pre-shared-key=password
# Timeouts on the default hotspot user profile; no hotspot server appears in this export.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# Two address pools: "dhcp" feeds the DHCP server below, "pptp_pool" feeds the
# PPP profile's remote-address.
# NOTE(review): the "dhcp" pool is 192.168.77.0/24 space, but the only address
# and DHCP network defined in this export are in 2.2.2.0/24. Leases from this
# pool would not match the advertised gateway; confirm whether dhcp1 is in use.
# NOTE(review): 2.2.2.0/24 is not RFC 1918 private space. If it is the real LAN
# range and not an obfuscation for the post, hosts here cannot reach the
# genuine 2.2.2.0/24 on the Internet.
/ip pool
add name=dhcp ranges=192.168.77.1-192.168.77.254
add name=pptp_pool ranges=2.2.2.80-2.2.2.89
# NOTE(review): the post says a separate DHCP server already runs on the LAN.
# A second server on bridge2 would compete with it; verify this entry is
# disabled or remove it.
/ip dhcp-server
add address-pool=dhcp interface=bridge2 name=dhcp1
# Profile item 0 (presumably the "default" profile that the PPTP server
# references): hands VPN clients two DNS servers and an address from pptp_pool.
# NOTE(review): local-address 211.225.22.22 is outside 2.2.2.0/24, while the
# remote addresses come from inside it. Clients land in the LAN subnet, so
# reachability depends on proxy-arp on the LAN interface (or on moving the
# pool to its own routed subnet).
/ppp profile
set 0 dns-server=168.126.63.1,168.126.63.2 local-address=211.225.22.22 \
remote-address=pptp_pool
# ether2-ether5 and wlan1 are members of bridge2; ether1 is left outside the bridge.
/interface bridge port
add bridge=bridge2 interface=ether2
add bridge=bridge2 interface=ether3
add bridge=bridge2 interface=ether4
add bridge=bridge2 interface=ether5
add bridge=bridge2 interface=wlan1
# NOTE(review): all four PPP authentication methods are accepted. PAP sends the
# password in cleartext, and CHAP/MS-CHAPv1 are weak. Restrict this to mschap2
# at minimum. PPTP with MS-CHAPv2 is itself considered breakable, so plan a
# move to a stronger tunnel type (e.g. L2TP/IPsec or SSTP) where possible.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
yes
# NOTE(review): the LAN address is bound to ether2, which is a port of bridge2
# (see the bridge port list above). Addresses on a bridge member port normally
# belong on the bridge interface itself; confirm and move to bridge2.
/ip address
add address=2.2.2.1/24 interface=ether2 network=2.2.2.0
# The uplink address is obtained by DHCP on ether1.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
# Gateway advertised to DHCP clients in 2.2.2.0/24.
/ip dhcp-server network
add address=2.2.2.0/24 gateway=2.2.2.1 netmask=24
# Filter rules are evaluated top to bottom within each chain, so order matters.
# NOTE(review): as exported, no rule accepts established/related traffic and no
# rule drops the remaining input traffic. Every enabled router service,
# including the PPTP server, stays reachable from ether1 unless something
# upstream filters it. Consider a default-drop input policy with explicit
# accepts for the management and VPN sources you need.
/ip firewall filter
# Drop forwarded traffic sourced from 122.225.36.0/24.
add action=drop chain=forward src-address=122.225.36.0/24
# NOTE(review): 122.225.36.12 is already covered by the /24 rule above, so this
# rule should never match.
add action=drop chain=forward dst-address=0.0.0.0 src-address=122.225.36.12
# FTP brute-force handling for the router's own FTP service:
#   1. drop FTP connections from sources already in ftp_blacklist;
#   2. pass router-originated "530 Login incorrect" replies while the
#      per-destination dst-limit is not exceeded;
#   3. replies beyond that limit fall through and add the destination
#      to ftp_blacklist for 3h.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# NOTE(review): the next three rules are an exact duplicate of the three above
# (probably pasted twice); they add nothing and can be removed.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# SSH brute-force handling: each new connection to port 22 promotes the source
# one stage (stage1 -> stage2 -> stage3, each held for 1m). A new connection
# from a source already in stage3 puts it in ssh_blacklist for 1w3d, and
# blacklisted sources are dropped by the first rule.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# Also block blacklisted sources from reaching SSH on hosts behind the router.
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
# Source-NAT everything leaving via ether1.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
# Only telnet is disabled here.
# NOTE(review): the other management services (ftp, www, ssh, api, winbox) are
# not listed and so are presumably at their defaults. Disable the ones you do
# not use and restrict the rest to trusted source addresses. The export header
# reports RouterOS 6.11; check for a current release before exposing any
# service on the uplink.
/ip service
set telnet disabled=yes
# An SMB share named share1 is defined; whether the SMB service is enabled is
# not visible in this export.
/ip smb shares
add directory=/share1 name=share1
# NOTE(review): UPnP is enabled with bridge2 as internal and ether1 as external,
# which lets any LAN host request port forwards on the uplink without
# authentication. Disable it unless a specific application needs it.
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=bridge2 type=internal
add interface=ether1 type=external
# NOTE(review): the VPN account "ys" has the literal password "password" and no
# service= restriction is shown. If this is the real credential rather than a
# redaction for the post, change it to a long random secret and limit the
# account to the service it is meant for.
/ppp secret
add name=ys password=password
# Time zone used for the router clock; this affects log timestamps.
/system clock
set time-zone-name=Asia/Seoul
# The LCD is disabled and every LCD page below is disabled as well.
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge2 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
# Page for the dynamic interface of the PPTP session of user "ys".
set <pptp-ys> disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
# A single NTP server is configured, by IP address.
/system ntp client
set enabled=yes primary-ntp=211.233.40.78
# NOTE(review): the graphing entries are added with no parameters, so defaults
# apply. Confirm which source addresses may view the graphs through the
# router's web service.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
# Traffic monitors on bridge2; no on-event script is shown for either entry.
/tool traffic-monitor
add interface=bridge2 name=tmon1 threshold=0 trigger=always
add disabled=yes interface=bridge2 name=tmon2 threshold=0 traffic=received \
trigger=always
퇴근하면 적용해보지요.