Nedostupnost routeru z WAN site pri dvou ISP
Napsal: 11 Nov 2008 13:24
Zdravim,
mam problem s dostupnosti RB600 ktery je pripojen na dva ruzne ISP.Mam na ether1 (WAN1) pripojen ADSL modem se siti 192.168.178.0/24 a na port ether2 (WAN2) je pripojen Wifi se siti 172.16.0.0/24.Na port ether3 ma pripojene site (LAN1) 192.168.100.0/24 a (LAN2)192.168.1.0/24.Kazda sit LAN je smerovana na jinyho ISP.Rozliseni smerovani mam nastavene pres MANGLE.Problem je ze nevim jak nastavit vstupni rule na firewallu pro dostupnost pingu z ISP na WAN rozhrani.Z LAN na ISP neni problem,vse funguje korektne.Prosim muzete me nekdo poradit???
[admin@MikroTik] /ip firewall mangle> print
0 chain=prerouting action=mark-routing new-routing-mark=WAN1 passthrough=yes
src-address=192.168.100.0/24
1 chain=prerouting action=mark-routing new-routing-mark=WAN2
passthrough=yes src-address=192.168.1.0/24
[admin@MikroTik] /ip route> print
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE ROUTING MARK
0 A S 0.0.0.0/0 reachable 192.168.178.1 1 ether1 WAN1
1 A S 0.0.0.0/0 reachable 172.16.0.1 1 ether2 WAN2
2 ADC 172.16.0.0/24 172.16.0.2 0 ether2
3 ADC 192.168.1.0/24 192.168.1.1 0 ether3
4 ADC 192.168.100.0/24 192.168.100.1 0 ether3
5 ADC 192.168.178.0/24 192.168.178.2 0 ether1
[admin@MikroTik] /ip firewall nat> print
0 chain=srcnat action=masquerade src-address=192.168.100.0/24
1 chain=srcnat action=src-nat to-addresses=192.168.178.2 to-ports=0-65535 src-address=192.168.100.0/24
2 chain=srcnat action=masquerade src-address=192.168.1.0/24
3 chain=srcnat action=src-nat to-addresses=172.16.0.2 to-ports=0-65535 src-address=192.168.1.0/24
mam problem s dostupnosti RB600 ktery je pripojen na dva ruzne ISP.Mam na ether1 (WAN1) pripojen ADSL modem se siti 192.168.178.0/24 a na port ether2 (WAN2) je pripojen Wifi se siti 172.16.0.0/24.Na port ether3 ma pripojene site (LAN1) 192.168.100.0/24 a (LAN2)192.168.1.0/24.Kazda sit LAN je smerovana na jinyho ISP.Rozliseni smerovani mam nastavene pres MANGLE.Problem je ze nevim jak nastavit vstupni rule na firewallu pro dostupnost pingu z ISP na WAN rozhrani.Z LAN na ISP neni problem,vse funguje korektne.Prosim muzete me nekdo poradit???
[admin@MikroTik] /ip firewall mangle> print
0 chain=prerouting action=mark-routing new-routing-mark=WAN1 passthrough=yes
src-address=192.168.100.0/24
1 chain=prerouting action=mark-routing new-routing-mark=WAN2
passthrough=yes src-address=192.168.1.0/24
[admin@MikroTik] /ip route> print
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE ROUTING MARK
0 A S 0.0.0.0/0 reachable 192.168.178.1 1 ether1 WAN1
1 A S 0.0.0.0/0 reachable 172.16.0.1 1 ether2 WAN2
2 ADC 172.16.0.0/24 172.16.0.2 0 ether2
3 ADC 192.168.1.0/24 192.168.1.1 0 ether3
4 ADC 192.168.100.0/24 192.168.100.1 0 ether3
5 ADC 192.168.178.0/24 192.168.178.2 0 ether1
[admin@MikroTik] /ip firewall nat> print
0 chain=srcnat action=masquerade src-address=192.168.100.0/24
1 chain=srcnat action=src-nat to-addresses=192.168.178.2 to-ports=0-65535 src-address=192.168.100.0/24
2 chain=srcnat action=masquerade src-address=192.168.1.0/24
3 chain=srcnat action=src-nat to-addresses=172.16.0.2 to-ports=0-65535 src-address=192.168.1.0/24