[Mikrotik] Question about ddns and port forwarding.

   Views 5687   Recommendations 0

http://www.2cpu.co.kr/bbs/board.php?bo_table=QnA&wr_id=512127#c_512130

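Because of my own ignorance, the question I posted last week was short on information and detail, so I apologize for posting the same question again.


Currently, ddns is set up with a script and the scheduler.

From the internal network, connecting to the configured domain reaches 192.168.88.1 (Webfig) normally.

From outside, connecting to the same address does not work.


What I would like is for the devices below to be reachable from outside through the ddns name and the port forwards I have set up.

1. RouterBOARD external access (192.168.88.1)

2. HP iLO 4 external access (192.168.88.251)

3. Server external access (192.168.88.248): port 80, port 1521


For some reason, at the moment

Transmission on port 9091 and the playback page on port 9000 on the mycloud connect normally.


I have tried one thing and another, and I wonder whether the settings have become tangled.

Just in case, I am attaching the configuration below.

The SK internet line coming in from outside is plugged directly into the MikroTik.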


# mar/07/2016 23:20:55 by RouterOS 6.29.1
# software id = FGCJ-RWF0
#
/interface bridge
add admin-mac= auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
    ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
    ether10-slave-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
    20/40mhz-ht-above country="korea republic" disabled=no distance=indoors \
    frequency=auto l2mtu=2290 mode=ap-bridge ssid=MikroTik-37828B \
    wireless-protocol=802.11
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
    wpa-pre-shared-key=wifipass wpa2-pre-shared-key=wifipass
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] local-address=192.168.89.1 name=\
    default-encryption remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=wlan1
/interface l2tp-server server
set use-ipsec=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=58.126.245.76 list=external-ip
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established,related
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
add chain=forward dst-port=5000 protocol=tcp src-address=192.168.88.250 \
    src-port=5000
add chain=forward dst-port=8001 port=8001 protocol=tcp src-address=\
    192.168.88.246 src-port=8001
add chain=input dst-port=8291 protocol=tcp
add action=fasttrack-connection chain=input
add action=fasttrack-connection chain=forward
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.89.0/24
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=9000 \
    in-interface=bridge-local protocol=tcp to-addresses=192.168.88.250 \
    to-ports=9000
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=9000 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.250 \
    to-ports=9000
add action=dst-nat chain=dstnat dst-port=9091 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.250 to-ports=9091
add action=dst-nat chain=dstnat dst-port=7999 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.248 to-ports=7999
add action=dst-nat chain=dstnat dst-port=8001 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.1 to-ports=8001
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.248 to-ports=80
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.246 to-ports=80
add action=dst-nat chain=dstnat dst-port=8001 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.246 to-ports=8001
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.251 to-ports=8888
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.251 to-ports=8888
add action=dst-nat chain=dstnat dst-port=17990 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.251 to-ports=17990
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=443 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.251 \
    to-ports=443
/ppp secret
add name=vpn
/system clock
set time-zone-name=Asia/Seoul
/system routerboard settings
set protected-routerboot=disabled
/system scheduler
add interval=10m name=dynDNS on-event="/system scheduler add name=dynDNS" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=mar/04/2016 start-time=12:07:55
add name=schedule1 on-event="/ip firewall filter add action=accept chain=input\
    \_dst-port=22 protocol=tcp " start-date=mar/04/2016 start-time=12:39:37
add interval=1m name=external-ip on-event="\
    \n # Set needed variables\
    \n:global extinterface \"ether1-gateway\"\
    \n:global ExtIpListName \"external-ip\"\
    \n:global extip \"\"\
    \n:global oldextip \"\"\
    \n\
    \n# Grab the current IP address on that interface.\
    \n:local extip2 [/ip address get [/ip address find interface=\$extinterfac\
    e ] address];\
    \n:set extip [:pick \$extip2 0 [:find \$extip2 \"/\"]];\
    \n\
    \n:if ([:len [/ip firewall address-list find list=\$ExtIpListName]] > 0) d\
    o={\
    \n   :set oldextip [/ip firewall address-list get [/ip firewall address-li\
    st find list=\$ExtIpListName] address];\
    \n   :if (\$oldextip != \$extip) do={\
    \n      /ip firewall address-list set [/ip firewall address-list find list\
    =\$ExtIpListName address=\$oldextip] address=\$extip\
    \n     :log info \"External IP relpace from \$oldextip to \$extip\"\
    \n   };\
    \n} else={\
    \n   /ip firewall address-list add list=\$ExtIpListName address=\$extip\
    \n   :log info \"New external IP added: \$extip\"\
    \n};" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=mar/05/2016 start-time=10:22:04
/system script
add name=dynDNS policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# DynDN\
    S update script v1.1\
    \n# http://www.mizniz.net/14\
    \n\
    \n:local userId \"아이\";\
    \n:local password \"비밀번\";\
    \n:local hosts \.mooo.com\";\
    \n:local gatewayInterface \"ether1-gateway\";\
    \n:local secureUpdate no;\
    \n:local saveResult yes;\
    \n\
    \n:global previousIpAddress;\
    \n\
    \n:if ([/interface find where name=\$gatewayInterface running=yes] != \"\"\
    ) do={\
    \n# Get the current IP on the interface\
    \n    :local currentIpAddress [/ip address get [find interface=\"\$gateway\
    Interface\" disabled=no] address];\
    \n# Strip the net mask off the IP address\
    \n    :for i from=( [:len \$currentIpAddress] - 1) to=0 do={\
    \n        :if ( [:pick \$currentIpAddress \$i] = \"/\") do={ \
    \n            :set currentIpAddress [:pick \$currentIpAddress 0 \$i];\
    \n        } \
    \n    }\
    \n\
    \n    :if (\$currentIpAddress != \$previousIpAddress) do={\
    \n        :log info \"ddns: Current ip address (\$currentIpAddress) is not\
    \_equal to previous ip address, update needed\";\
    \n        :set previousIpAddress \$currentIpAddress;\
    \n\t\t\
    \n\t\t:local urlScheme \"http\";\
    \n\t\t:if (\$secureUpdate) do={\
    \n\t\t\t:set urlScheme \"https\";\
    \n\t\t}\
    \n\t\t\
    \n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
    red since \? is a special character in commands.\
    \n        /tool fetch url=\"\$urlScheme://members.dyndns.org/nic/update\\3\
    Fhostname=\$hosts&myip=\$currentIpAddress\" user=\$userId password=\$passw\
    ord keep-result=\$saveResult;\
    \n        :log info \"ddns: Hosts updated on DynDNS with ip address (\$cur\
    rentIpAddress).\";\
    \n    }\
    \n} else={\
    \n    :log error \"ddns: Interface (\$gatewayInterface) is invalid or not \
    currently running.\";\
    \n}"
add name=external-ip policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Set n\
    eeded variables\
    \n:global extinterface \"ether1-gateway\"\
    \n:global ExtIpListName \"external-ip\"\
    \n:global extip \"\"\
    \n:global oldextip \"\"\
    \n\
    \n# Grab the current IP address on that interface.\
    \n:local extip2 [/ip address get [/ip address find interface=\$extinterfac\
    e ] address];\
    \n:set extip [:pick \$extip2 0 [:find \$extip2 \"/\"]];\
    \n\
    \n:if ([:len [/ip firewall address-list find list=\$ExtIpListName]] > 0) d\
    o={\
    \n   :set oldextip [/ip firewall address-list get [/ip firewall address-li\
    st find list=\$ExtIpListName] address];\
    \n   :if (\$oldextip != \$extip) do={\
    \n      /ip firewall address-list set [/ip firewall address-list find list\
    =\$ExtIpListName address=\$oldextip] address=\$extip\
    \n     :log info \"External IP relpace from \$oldextip to \$extip\"\
    \n   };\
    \n} else={\
    \n   /ip firewall address-list add list=\$ExtIpListName address=\$extip\
    \n   :log info \"New external IP added: \$extip\"\
    \n};"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool romon port
add disabled=no


rb2011 UiAS-2HnD-IN z620 Gen8 esxi Ubuntu MyCloud
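RouterOS evaluates NAT rules from top to bottom and applies the first one that matches, so a port forward can be present in an export like the one above and still never be used. The following is an added example, not part of the original post: it parses the `/ip firewall nat` section and lists dst-nat rules hidden behind an earlier rule with the same or broader match conditions. The function names are this example's own and the input is an excerpt of the rules posted above.

```python
import re
import shlex

# Keys that are not match conditions; every other key narrows what a rule matches.
NON_MATCH = {"action", "chain", "comment", "disabled",
             "to-addresses", "to-ports", "log", "log-prefix"}

# Excerpt of the /ip firewall nat section from the export in the post, order kept.
EXPORT = r"""/ip firewall nat
add action=dst-nat chain=dstnat dst-port=8001 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.1 to-ports=8001
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.248 to-ports=80
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.246 to-ports=80
add action=dst-nat chain=dstnat dst-port=8001 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.246 to-ports=8001
add action=dst-nat chain=dstnat dst-address=58.126.245.76 dst-port=443 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.251 \
    to-ports=443
"""

def dstnat_rules(export):
    """Return the enabled dst-nat rules of /ip firewall nat as dicts, in order."""
    text = re.sub(r"\\\n[ \t]*", "", export)  # undo the export's line wrapping
    rules, section = [], None
    for line in text.splitlines():
        if line.startswith("/"):
            section = line.strip()
        elif section == "/ip firewall nat" and line.startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            if rule.get("action") == "dst-nat" and rule.get("disabled") != "yes":
                rules.append(rule)
    return rules

def shadowed(rules):
    """(earlier, later) index pairs where the earlier rule matches all the later one can."""
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            conds = {k: v for k, v in earlier.items() if k not in NON_MATCH}
            if all(later.get(k) == v for k, v in conds.items()):
                pairs.append((i, j))
                break
    return pairs

if __name__ == "__main__":
    rules = dstnat_rules(EXPORT)
    for i, j in shadowed(rules):
        print(f"rule {j} -> {rules[j]['to-addresses']} is hidden by rule {i}")
```

Match values are compared as opaque strings, so the check reports no false positives but does not detect overlap between differently written port ranges or address prefixes.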
In a way, this might be a simple problem...
Could it be that port 80 is blocked on the SK internet line you are using????
Port 80 is blocked surprisingly often...

선구자2 2016-03
That could well be the problem.

I will change the port this evening and try again.

Thank you.
선구자2 2016-03
The post below, "[Mikrotik] NAT loopback / Hairpin NAT", was helpful. Thank you.

http://2cpu.co.kr/bbs/board.php?bo_table=lec&wr_id=1709&sca=&sfl=wr_subject&stx=mikrotik&sop=and

