Ziņa: 2'086
Virtenes: 530
Pievienojies: 2019 Sep
Reputācija:
6
Valsts:
"Kā cilvēks, kam trūkst pašcieņas, nav dīdzējs, bet nīcējs, tā arī tauta, kurai nav pašapziņas." K.Mīlenbahs
Ziņa: 2'086
Virtenes: 530
Pievienojies: 2019 Sep
Reputācija:
6
Valsts:
Līdz tam, kā es jau biju uzstādījis, viss daudz maz iet ... bet izmainīt neko vairāk nevar.
Vienīgo ko microsoft lietotājs nav izdomāt ir pārinstalēt, proti:
https://wiki.mikrotik.com/wiki/Manual:Netinstall
"Kā cilvēks, kam trūkst pašcieņas, nav dīdzējs, bet nīcējs, tā arī tauta, kurai nav pašapziņas." K.Mīlenbahs
Ziņa: 2'086
Virtenes: 530
Pievienojies: 2019 Sep
Reputācija:
6
Valsts:
Citāts:You can redirect all DNS requests to your router which is better solution
/ip firewall nat
add action=redirect chain=dstnat comment=dns dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
https://forum.mikrotik.com/viewtopic.php...59#p235798
"Kā cilvēks, kam trūkst pašcieņas, nav dīdzējs, bet nīcējs, tā arī tauta, kurai nav pašapziņas." K.Mīlenbahs
Ziņa: 2'086
Virtenes: 530
Pievienojies: 2019 Sep
Reputācija:
6
Valsts:
https://help.mikrotik.com/docs/display/R...HairpinNAT
Citāts:The issue occurs, when a client on the same internal network as the webserver requests a connection to the web server's public IP address, the connection breaks:
- the client sends a packet with a source IP address of 10.0.0.2 to a destination IP address of 172.16.16.1 on port 443 to request some web resource;
- the router destination NATs the packet to 10.0.0.3 and replaces the destination IP address in the packet accordingly. The source IP address stays the same: 10.0.0.2;
- the server replies to the client's request. However, the source IP address of the request is on the same subnet as the webserver. The web server does not send the reply back to the router but sends it back directly to 10.0.0.2 with a source IP address in the reply of 10.0.0.3;
- The client receives the reply packet, but it discards it because it expects a packet back from 172.16.16.1, and not from 10.0.0.3;
To resolve this issue, we will configure the src-nat rule as follows:
Kods:
/ip firewall natadd action=masquerade chain=srcnat dst-address=10.0.0.3 out-interface=LAN protocol=tcp src-address=10.0.0.0/24
After configured rule above:
- the client sends a packet with a source IP address of 10.0.0.2 to a destination IP address of 172.16.16.1 on port 443 to request some web resource;
- the router destination NATs the packet to 10.0.0.3 and replaces the destination IP address in the packet accordingly. It also source NATs the packet and replaces the source IP address in the packet with the IP address on its LAN interface. The destination IP address is 10.0.0.3, and the source IP address is 10.0.0.1;
- the webserver replies to the request and sends the reply with a source IP address of 10.0.0.3 back to the router's LAN interface IP address of 10.0.0.1;
- the router determines that the packet is part of a previous connection and undoes both the source and destination NAT, and puts the original destination IP address of 1.1.1.1 into the source IP address field, and the original source IP address of 172.16.16.1 into the destination IP address field
Tā redz ...
"Kā cilvēks, kam trūkst pašcieņas, nav dīdzējs, bet nīcējs, tā arī tauta, kurai nav pašapziņas." K.Mīlenbahs
Ziņa: 2'086
Virtenes: 530
Pievienojies: 2019 Sep
Reputācija:
6
Valsts:
Ar hairpinu ir tā kā formās ir jāizveido tīkls ala 10.0.0.0/24 un tad patiesi strādā.
"Kā cilvēks, kam trūkst pašcieņas, nav dīdzējs, bet nīcējs, tā arī tauta, kurai nav pašapziņas." K.Mīlenbahs