http://www.2cpu.co.kr/bbs/board.php?bo_table=QnA&wr_id=512127#c_512130
저의 무지로 지난주 올렸던 질문의 정보와 내용이 부족하여 같은 내용으로 다시 올리게 되어 송구스럽습니다.
현재 상태는 스크립트와 스케줄러로 ddns가 설정되어 있습니다.
내부망에서 설정해놓은 도메인에 연결하면 192.168.88.1 (Webfig)가 정상적으로 연결됩니다.
외부에서 같은 주소로 접속하면 연결이 되지 않습니다.
희망 사항은 ddns와 포트 포워딩을 설정해 놓은 아래 장비들이 외부에서 연결되는 것입니다.
1. 라우터보드 외부접속 (192.168.88.1)
2. hp ILO 4 외부접속 (192.168.88.251)
3. 서버외부접속(192.168.88.248) : 80포트 , 1521포트
현재 무슨 이유인지
mycloud에서 트랜스미션 9091포트와 9000포트 재생 페이지는 정상적으로 연결됩니다.
이것저것 해 보았는데 엉킨 것이 아닌지 모르겠습니다.
혹시 몰라 설정 값을 아래에 첨부합니다.
외부에서 들어오는 sk 인터넷 선을 바로 미크로틱에 물린 상태입니다.
# mar/07/2016 23:20:55 by RouterOS 6.29.1
# software id = FGCJ-RWF0
#
# LAN bridge. admin-mac is empty in this paste (presumably redacted by the
# poster); with auto-mac=no the router needs a real MAC here - restore it
# before re-importing.
/interface bridge
add admin-mac= auto-mac=no name=bridge-local
# ether1 becomes the WAN port (ether1-gateway). ether3-5 are switched behind
# ether2 and ether7-10 behind ether6 through master-port.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
# 2.4 GHz access point, enabled, bridged into the LAN further down.
# NOTE(review): the SSID looks like the factory default naming - confirm
# whether it should be changed.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above country="korea republic" disabled=no distance=indoors \
frequency=auto l2mtu=2290 mode=ap-bridge ssid=MikroTik-37828B \
wireless-protocol=802.11
# Neighbor discovery is switched off on the WAN port, so the router does not
# announce itself to the upstream network.
/ip neighbor discovery
set ether1-gateway discover=no
# Default wireless security profile used by wlan1.
# NOTE(review): wpa-psk and tkip are still accepted next to wpa2-psk/aes-ccm.
# WPA/TKIP is deprecated; limiting the profile to wpa2-psk with aes-ccm is the
# safer setting when every client supports it.
# NOTE(review): the pre-shared key is exported in clear text. "wifipass" is
# presumably a placeholder substituted by the poster; if it is the live key,
# rotate it. Use "/export hide-sensitive" before publishing a configuration.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=wifipass wpa2-pre-shared-key=wifipass
# Address pools: "dhcp" for LAN clients, "vpn" for PPP clients.
# NOTE(review): the port-forward targets used in the NAT section
# (192.168.88.246, .248, .250, .251) all fall inside the dhcp pool. Unless
# those hosts hold static leases or fixed addresses, a lease change would
# silently point a published port at a different machine - confirm.
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
# PPP profile for VPN clients: router side is 192.168.89.1, clients draw from
# the vpn pool.
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] local-address=192.168.89.1 name=\
default-encryption remote-address=vpn
# Members of the LAN bridge (both switch groups, SFP and wireless).
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=wlan1
# NOTE(review): neither server shows enabled=yes and no IPsec secret appears
# in this export, so the VPN servers look unconfigured or the values were
# stripped - confirm before relying on the VPN for remote management.
/interface l2tp-server server
set use-ipsec=yes
/interface sstp-server server
set default-profile=default-encryption
# NOTE(review): the LAN address is bound to ether2-master-local, which is
# itself a port of bridge-local; addresses are normally placed on the bridge
# interface - confirm this is intended.
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.88.0
# MikroTik cloud DDNS is enabled in addition to the scripted dynDNS updater.
/ip cloud
set ddns-enabled=yes
# The WAN port obtains its address from the ISP by DHCP.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=\
192.168.88.1
# The router answers DNS queries from clients. Only the input-chain drop on
# ether1-gateway keeps this from being an open resolver toward the internet,
# so that drop rule has to stay in place.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
# Current public address; the external-ip scheduler/script rewrites this entry
# when the address on ether1-gateway changes.
/ip firewall address-list
add address=58.126.245.76 list=external-ip
# Filter rules are evaluated top to bottom and the first match decides.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
# NOTE(review): the three VPN rules accept from any source on any interface.
# PPTP is cryptographically obsolete; prefer L2TP/IPsec or SSTP and remove the
# 1723 rule if PPTP is not used.
# NOTE(review): WAN traffic to tcp/443 on 58.126.245.76 is dst-nat'ed to
# 192.168.88.251 in the NAT section before the input chain is consulted, so
# the sstp rule never sees it - the two uses of 443 conflict.
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
# Everything else arriving on the WAN port for the router itself is dropped
# here. This is the rule that keeps WebFig/Winbox on the router unreachable
# from outside; reaching management through the VPN is safer than opening it.
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
# --- forward chain: traffic routed through the router ---
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
# New connections from the WAN are forwarded only when a dst-nat rule matched.
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
# NOTE(review): these two accepts match LAN-sourced packets whose source and
# destination ports are both 5000 / 8001. The forward chain has no drop for
# such traffic, so they appear to have no effect - confirm and remove.
add chain=forward dst-port=5000 protocol=tcp src-address=192.168.88.250 \
src-port=5000
add chain=forward dst-port=8001 port=8001 protocol=tcp src-address=\
192.168.88.246 src-port=8001
# Winbox accept. It sits after the WAN drop above, so it never applies to
# ether1-gateway; keep it that way rather than moving it up.
add chain=input dst-port=8291 protocol=tcp
# NOTE(review): both rules below have no connection-state matcher. FastTrack
# is meant for established,related forwarded traffic (as in the default rule
# above); the unconditional forward rule fast-tracks every connection that
# reaches it, and later packets of a fast-tracked connection skip the filter.
# The input-chain variant presumably has no useful effect - confirm and remove.
add action=fasttrack-connection chain=input
add action=fasttrack-connection chain=forward
# NAT rules are evaluated top to bottom per chain; the first match wins.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
# tcp/9000 -> 192.168.88.250, once for LAN clients using the public address
# (in-interface=bridge-local) and once for the WAN.
# NOTE(review): these rules and the 443 rule at the end hard-code
# dst-address=58.126.245.76. The address arrives by DHCP, so they stop
# matching when it changes; the external-ip address list exists for this and
# could be matched with dst-address-list instead.
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=9000 \
in-interface=bridge-local protocol=tcp to-addresses=192.168.88.250 \
to-ports=9000
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=9000 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.250 \
to-ports=9000
add action=dst-nat chain=dstnat dst-port=9091 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.250 to-ports=9091
add action=dst-nat chain=dstnat dst-port=7999 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.248 to-ports=7999
# NOTE(review): the target is the router's own address, so after translation
# the packet is handled by the input chain, where the WAN drop rule discards
# it (nothing accepts tcp/8001 on input). This rule also shadows the later
# 8001 -> 192.168.88.246 rule, which can never match.
add action=dst-nat chain=dstnat dst-port=8001 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.1 to-ports=8001
# NOTE(review): two rules for tcp/80. Only the first (-> .248) is ever used;
# the second (-> .246) is dead. Publish the second host on a different
# external port if both are needed.
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.248 to-ports=80
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.246 to-ports=80
add action=dst-nat chain=dstnat dst-port=8001 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.246 to-ports=8001
# NOTE(review): the next two rules are identical; one can be removed.
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.251 to-ports=8888
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.251 to-ports=8888
# NOTE(review): 192.168.88.251 is described in the post as the HP iLO 4.
# Publishing a server management controller (8888, 17990, 443) to the whole
# internet is high risk; reach it over the VPN or at least limit the rules
# with src-address / src-address-list to known source networks.
add action=dst-nat chain=dstnat dst-port=17990 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.88.251 to-ports=17990
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=443 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.251 \
to-ports=443
# NOTE(review): no rule forwards tcp/1521 although the post lists it as a
# goal. A database listener should not be internet-facing; use the VPN or a
# source-restricted rule if remote access is really required.
# VPN account.
# NOTE(review): no password= appears. Either the poster stripped it or the
# account has an empty password; the input chain accepts 1701/1723/443 from
# anywhere, so confirm a strong password is set on the router.
/ppp secret
add name=vpn
/system clock
set time-zone-name=Asia/Seoul
# RouterBOOT protection is left off.
/system routerboard settings
set protected-routerboot=disabled
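/system scheduler
# Runs the dynDNS script (defined under /system script) every 10 minutes.
# The exported on-event was "/system scheduler add name=dynDNS", which only
# tries to create another scheduler entry with the same name and never runs
# the updater, so the DDNS record was not being refreshed by this job.
# NOTE(review): the dynDNS script has secureUpdate set to no, so it sends the
# account credentials over plain http; switch that to yes before relying on
# this job.
# NOTE(review): the policy list grants far more than a DDNS update should
# need (reboot, sniff, password, ...); trim it after confirming what the
# script requires.
add interval=10m name=dynDNS on-event="/system script run dynDNS" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-date=mar/04/2016 start-time=12:07:55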
# schedule1 has no interval, so it presumably fires once at its start time.
# Its action appends an input accept for tcp/22 to the end of the filter list,
# i.e. after the WAN drop rule, so it does not open SSH on ether1-gateway.
# NOTE(review): firewall rules created by a scheduler are easy to miss in a
# review and pile up if the job is re-run; remove this entry and manage the
# rule in /ip firewall filter directly.
add name=schedule1 on-event="/ip firewall filter add action=accept chain=input\
\_dst-port=22 protocol=tcp " start-date=mar/04/2016 start-time=12:39:37
# Every minute: read the address on ether1-gateway, strip the prefix length
# and keep the single entry of address list "external-ip" equal to it.
# The body duplicates the /system script named external-ip.
# NOTE(review): the job runs with the full policy set; read and write should
# presumably be enough for what the body does - confirm and trim.
add interval=1m name=external-ip on-event="\
\n # Set needed variables\
\n:global extinterface \"ether1-gateway\"\
\n:global ExtIpListName \"external-ip\"\
\n:global extip \"\"\
\n:global oldextip \"\"\
\n\
\n# Grab the current IP address on that interface.\
\n:local extip2 [/ip address get [/ip address find interface=\$extinterfac\
e ] address];\
\n:set extip [:pick \$extip2 0 [:find \$extip2 \"/\"]];\
\n\
\n:if ([:len [/ip firewall address-list find list=\$ExtIpListName]] > 0) d\
o={\
\n :set oldextip [/ip firewall address-list get [/ip firewall address-li\
st find list=\$ExtIpListName] address];\
\n :if (\$oldextip != \$extip) do={\
\n /ip firewall address-list set [/ip firewall address-list find list\
=\$ExtIpListName address=\$oldextip] address=\$extip\
\n :log info \"External IP relpace from \$oldextip to \$extip\"\
\n };\
\n} else={\
\n /ip firewall address-list add list=\$ExtIpListName address=\$extip\
\n :log info \"New external IP added: \$extip\"\
\n};" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-date=mar/05/2016 start-time=10:22:04
/system script
# dynDNS: when the address on ether1-gateway differs from the last value kept
# in the global previousIpAddress, call the provider's update URL with
# /tool fetch and log the result.
# NOTE(review): the account name and password are stored in clear text in the
# script source; the values shown here look redacted by the poster. Anyone
# who can read or export the configuration can read them.
# NOTE(review): the ":local hosts" line has lost its opening quote and host
# label in this paste and will not parse as shown - restore it before import.
# NOTE(review): secureUpdate is no, so the update request and its credentials
# travel over plain http; set it to yes so the https scheme is used.
# NOTE(review): the host is under mooo.com while the update URL points at
# members.dyndns.org; these presumably belong to different DDNS providers -
# confirm the endpoint matches the account.
# NOTE(review): the script carries the full policy set; trim it to what the
# update actually needs.
add name=dynDNS policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# DynDN\
S update script v1.1\
\n\
\n:local userId \"아이\";\
\n:local password \"비밀번\";\
\n:local hosts \.mooo.com\";\
\n:local gatewayInterface \"ether1-gateway\";\
\n:local secureUpdate no;\
\n:local saveResult yes;\
\n\
\n:global previousIpAddress;\
\n\
\n:if ([/interface find where name=\$gatewayInterface running=yes] != \"\"\
) do={\
\n# Get the current IP on the interface\
\n :local currentIpAddress [/ip address get [find interface=\"\$gateway\
Interface\" disabled=no] address];\
\n# Strip the net mask off the IP address\
\n :for i from=( [:len \$currentIpAddress] - 1) to=0 do={\
\n :if ( [:pick \$currentIpAddress \$i] = \"/\") do={ \
\n :set currentIpAddress [:pick \$currentIpAddress 0 \$i];\
\n } \
\n }\
\n\
\n :if (\$currentIpAddress != \$previousIpAddress) do={\
\n :log info \"ddns: Current ip address (\$currentIpAddress) is not\
\_equal to previous ip address, update needed\";\
\n :set previousIpAddress \$currentIpAddress;\
\n\t\t\
\n\t\t:local urlScheme \"http\";\
\n\t\t:if (\$secureUpdate) do={\
\n\t\t\t:set urlScheme \"https\";\
\n\t\t}\
\n\t\t\
\n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
red since \? is a special character in commands.\
\n /tool fetch url=\"\$urlScheme://members.dyndns.org/nic/update\\3\
Fhostname=\$hosts&myip=\$currentIpAddress\" user=\$userId password=\$passw\
ord keep-result=\$saveResult;\
\n :log info \"ddns: Hosts updated on DynDNS with ip address (\$cur\
rentIpAddress).\";\
\n }\
\n} else={\
\n :log error \"ddns: Interface (\$gatewayInterface) is invalid or not \
currently running.\";\
\n}"
# external-ip: read the address on ether1-gateway, strip the prefix length and
# keep address list "external-ip" in step with it - update the existing entry
# when the address changed, or add one when the list is empty. Each change is
# logged at info level.
# Assumes a single address on ether1-gateway and a single entry in the list -
# TODO confirm; "get" on several matches would presumably fail.
# NOTE(review): the working values are declared :global, so they stay visible
# to every other script on the router; :local would do for all four as far as
# this body shows.
# NOTE(review): full policy set again; read and write look sufficient for
# what the body does - confirm and trim.
add name=external-ip policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Set n\
eeded variables\
\n:global extinterface \"ether1-gateway\"\
\n:global ExtIpListName \"external-ip\"\
\n:global extip \"\"\
\n:global oldextip \"\"\
\n\
\n# Grab the current IP address on that interface.\
\n:local extip2 [/ip address get [/ip address find interface=\$extinterfac\
e ] address];\
\n:set extip [:pick \$extip2 0 [:find \$extip2 \"/\"]];\
\n\
\n:if ([:len [/ip firewall address-list find list=\$ExtIpListName]] > 0) d\
o={\
\n :set oldextip [/ip firewall address-list get [/ip firewall address-li\
st find list=\$ExtIpListName] address];\
\n :if (\$oldextip != \$extip) do={\
\n /ip firewall address-list set [/ip firewall address-list find list\
=\$ExtIpListName address=\$oldextip] address=\$extip\
\n :log info \"External IP relpace from \$oldextip to \$extip\"\
\n };\
\n} else={\
\n /ip firewall address-list add list=\$ExtIpListName address=\$extip\
\n :log info \"New external IP added: \$extip\"\
\n};"
# MAC telnet: the default catch-all entry is disabled and the service is
# offered only on the listed LAN-side interfaces. ether1-gateway is not
# listed, so layer-2 management is not offered on the WAN port.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
# MAC Winbox: same arrangement as MAC telnet above.
# NOTE(review): wlan1 is included in both lists, so any wireless client can
# reach the management services at layer 2 - confirm that is wanted.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
# NOTE(review): a RoMON port entry is added with no interface shown; whether
# RoMON itself is enabled is not visible in this export. If RoMON is not
# used, remove the entry; if it is, confirm it is not active on ether1-gateway.
/tool romon port
add disabled=no
사용 하시는 SK 인터넷 회선에서 80번 포트를 막은 경우가 아닐런지요.????
의외로 80포트는 막는 경우가 많으니까요...
저녁에 포트변경해서 다시 시도해보겠습니다
감사합니다
http://2cpu.co.kr/bbs/board.php?bo_table=lec&wr_id=1709&sca=&sfl=wr_subject&stx=mikrotik&sop=and