Mikrotik - for beginners
-
- Advanced user
- Posts: 12259
- Registered: Wed 27 Apr 2011, 11:16
- Location: ta Blava, ňe ?
Re: Mikrotik - for beginners
Every MikroTik supports client mode, meaning it will be connected to some other AP.
https://wiki.mikrotik.com/wiki/Manual:I ... e/Wireless
/interface wireless set MENORADIA mode=station
But I don't understand the phrase "cable to the PC"... that the MikroTik connects somewhere as a client and some PC will be connected to the MikroTik, which is how you let that PC get on the internet and so on? In other words, do you want to use the MikroTik instead of a classic wireless wifi card?
I'm a mathematician... Numbers excite me, for example 8300 on the rev counter or 2.15 bar from the compressor and also 1-12-5-8-3-10-6-7-2-11-4-9.
- Andrew007
- Bazaar blacklist
- Posts: 1737
- Registered: Sun 28 Dec 2008, 20:14
- Location: Senec
Re: Mikrotik - for beginners
I have it set up... it only took me 3 hours... I can't praise that little soap box enough. On the Asus VDSL I turned off the wifi, left only DHCP and fixed some static addresses for the outdoor antennas. On the MikroTik I set the mode to G/N only, lowered the transmit power, kept indoor, played with ht-amsdu-limit or whatever it's called, and the network is nice and snappy... a 17€ toy took down the 70€ n18u. The more I poke around in it through Winbox, the more I enjoy it.
5800X3D - ROG strix B550-A gaming - 4090 GS - Corsair 32/3600 - 970 evo 1TB - Corsair RM850 - Dell 2716DG 2K/144 / Dell Gaming G3223Q 4K/120
Re: Mikrotik - for beginners
Route world with MikroTik!
Mobo Asus PRIME B450 Plus CPU Ryzen 7 5800X3D (Noctua NH-U12S + dual fan Noctua NF-A12) GPU MSI GeForce RTX 3070 Ventus 3X RAM G.Skill Ripjaws V F4-4000C18D-32GVK SSD Silicon Power P34A80 CASE Lancool 205 PSU Corsair RM550x case cooling: exhaust 2x Noctua F12, in-take 2x Lian Li 120mm
NB: Dell E7470 Skylake Core i5 + 16GB RAM + FHD IPS Foun: Oppo Reno 5Z
Main server: Asus PRIME A320M-K + Ryzen 5 2600 + GTX 1660Ti + 32GB Ram
NAS: QNAP TS-128 - 2TB Seagate Iron Wolf + MikroTik RB952
Peripherals: Dual monas setup 27" Samsung Odyssey G5 and AOC I2470Sw + Steelseries Apex 5 + Steelseries Rival 3 + QcK + Logitech G435
- shiro
- Advanced user
- Posts: 8731
- Registered: Thu 21 Dec 2006, 02:00
- Location: Banska Bystrica
Re: Mikrotik - for beginners
Ryzen 7 3700X | SilentiumPC Fera 3 | Asrock X570M Pro4 | Patriot Viper 4 Blackout 16GB DDR4-3600 CL17 | Gainward RTX4060 Ti Pegasus 8GB | Samsung 970evo Plus 250GB NVMe | Corsair MP510 1TB NVMe | Samsung 980 Pro 2TB NVMe | Corsair RM550x | 32" Samsung ViewFinity S60UA | 3x Noctua NF-S12B redux 1200 PWM
Xiaomi Mi 9 Lite 64GB
Re: Mikrotik - for beginners
Hi, tomorrow I'll have the NAS at home.. I'll check it out on Saturday... I'll certainly have a few questions, so I'm looking forward to your experience...
first - making the NAS /specifically FTP/ accessible from outside - how to do it?
Am I thinking right? We use Destination NAT:
add chain=dstnat dst-address=moja_IP_na_WAN_porte dst-port=Port_ktory_si_zvolim protocol=tcp action=dst-nat to-addresses=IP_Adresa_FTPcka
Any other tips for NAT/FW rules now that a NAS has joined the family? In the future I'll definitely play with an email server, maybe...
One more addition - my IP on the WAN port - we mean my public IP - even though I don't have it directly on the WAN - the forwarding from the ISP will take care of that for me - am I thinking right?
//EDIT - that was nonsense, now that I think about it.... my IP on the WAN will always be the IP from the ISP - the ISP already handles that forwarding... right?
Public IP ► ISP IP on WAN ► NAT to internal private IP (NAS)
Re: Mikrotik - for beginners
People - this showed up when I started my desktop PC, where I have uTorrent on autostart...
it was never there before, not once... WTF?
10.251.0.10 is the IP from the ISP
Re: Mikrotik - for beginners
Well, the NAS is unpacked - I can't get SMB working. I can connect to the FTP via FileZilla but not via Windows... this will take some configuring. I'll look at it tomorrow morning.. if those of you with experience have any advice, I'll be glad. I have a QNAP TS-128
Re: Mikrotik - for beginners
So FTP suddenly started working through Windows Explorer too...
Yesterday I managed to get into the FTP over O2 using the Android app ES File Explorer.. today it no longer works...
this is how I have NAT set up:
Code:
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
1 XI ;;; Pristup na FTP QNAP TS-128
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=21 protocol=tcp dst-address=10.251.0.10
dst-port="" log=yes log-prefix=""
2 D ;;; upnp 192.168.2.98: Teredo
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=59611 protocol=udp dst-address=10.251.0.10
in-interface=ether1 dst-port=59611
3 D ;;; upnp 192.168.2.98: uTorrent (TCP)
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=tcp dst-address=10.251.0.10
in-interface=ether1 dst-port=29126
4 D ;;; upnp 192.168.2.98: uTorrent (UDP)
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=udp dst-address=10.251.0.10
in-interface=ether1 dst-port=29126
Also, I noticed that when I have that NAT rule for outside access enabled, logs like these pile up here:
So I turned it off just to be safe...
And I still can't get SMB working... does anyone here have Windows 10 and a QNAP? I simply want to put everything on the NAS in the future (movies, music, photos) and access it within the LAN without having to copy it over FTP, reading it directly instead (e.g. watching a movie)... I'm off to ask uncle Google...
FTP working, SMB working - I can't get DLNA together... but I'm thrilled
-
- Advanced user
- Posts: 12259
- Registered: Wed 27 Apr 2011, 11:16
- Location: ta Blava, ňe ?
Re: Mikrotik - for beginners
damn, I somehow missed these updates of yours - I'll take a look at it and comment sometime late in the evening...
Re: Mikrotik - for beginners
I'll be only too glad!
By the way, that SMB - it was enough to just type in the IP of the NAS directly
If you need any printouts, let me know. If I run into anything I'll update... and now I'm trying from the internet and I can't get to the FTP...
By the way, the rest of you here who have RBs and use uTorrent, check your NAT to see whether these appeared there on their own for you too (it definitely wasn't me, there's nothing in the logs, I changed the RB password just in case)...
One more question - Turbo, on these NAS can you create a server to which the MikroTik would send logs ?
NAT:
Code:
0 ;;; FTP QNAP TS-128
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=20-21 protocol=tcp dst-address=10.251.0.10
connection-type=ftp in-interface=ether1 dst-port=20-21 log=yes log-prefix=""
1 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
2 D ;;; upnp 192.168.2.98: Teredo
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=59611 protocol=udp dst-address=10.251.0.10
in-interface=ether1 dst-port=59611
3 D ;;; upnp 192.168.2.98: uTorrent (TCP)
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=tcp dst-address=10.251.0.10
in-interface=ether1 dst-port=29126
4 D ;;; upnp 192.168.2.98: uTorrent (UDP)
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=udp dst-address=10.251.0.10
in-interface=ether1 dst-port=29126
So I don't know... I have the NAS set up like this:
Re: Mikrotik - for beginners
So I can get to the FTP/SMB on the NAS over the VPN, so that would solve it.. but it wouldn't hurt to access the FTP directly without the VPN - I'm guessing it's faster.
As the VPN protocol I use PPTP - there is surely a better solution between WIN/Android and MikroTik, I just haven't looked into it yet...
Re: Mikrotik - for beginners
So I can connect from the public IP to the NAS admin interface:
verejnaIP:port_na_ktorom_bezi_NAS
But I can't connect to verejnaIP:Port_FTP
FW:
Code:
1 chain=forward action=accept connection-state=established,related connection-nat-state="" in-interface=ether1
log=no log-prefix=""
2 chain=forward action=accept connection-state=established,related log=no log-prefix=""
3 ;;; Pristup na QNAP TS-128
chain=input action=accept protocol=tcp dst-address=192.168.5.10 dst-port=8080 log=no log-prefix=""
4 ;;; Pristup na FTP QNAP TS-128
chain=input action=accept connection-state="" connection-nat-state=dstnat protocol=tcp
dst-address=192.168.5.10 connection-type=ftp dst-port=20-21 log=yes log-prefix=""
5 ;;; PINGUJESE ZIJES!
chain=input action=accept protocol=icmp log=no log-prefix=""
6 chain=input action=accept connection-state=established
7 chain=input action=accept connection-state=related
8 ;;; VZDIALENY PRISTUP Z WINBOXu
chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""
9 ;;; POVOLIT PPTP na port 1723
chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
10 ;;; POVOLIT PPTP na protocole 47
chain=input action=accept protocol=gre log=no log-prefix=""
11 ;;; Povol DNS navsteve cez TCP
chain=input action=accept protocol=tcp src-address=192.168.60.0/24 dst-port=53 log=no log-prefix=""
12 ;;; Povol DNS navsteve cez UDP
chain=input action=accept protocol=udp src-address=192.168.60.0/24 dst-port=53 log=no log-prefix=""
13 ;;; ZAKAZ WEB Z VONKU
chain=input action=drop protocol=tcp in-interface=ether1 dst-port=80 log=no log-prefix=""
14 ;;; BLOKUJ VSETKY POZIADAVKY NA MOJE DNS Z VONKU (tcp)
chain=input action=drop connection-state=new protocol=tcp in-interface=ether1 dst-port=53 log=no log-prefix=""
15 ;;; BLOKUJ VSETKY POZIADAVKY NA MOJE DNS Z VONKU (udp)
chain=input action=drop connection-state=new protocol=udp in-interface=ether1 dst-port=53 log=no log-prefix=""
16 ;;; UKAZAT PROSTREDNICKEK PRI POKUSE O LOGIN NA MIKROTICEK
chain=input action=drop src-address=192.168.60.0/24 log=no log-prefix=""
17 ;;; SUKROMIE JE CENNE
chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.2.0/24 log=no log-prefix=""
18 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.3.0/24 log=no log-prefix=""
19 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.4.0/24 log=no log-prefix=""
20 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.5.0/24 log=no log-prefix=""
21 chain=forward action=reject reject-with=icmp-network-unreachable src-address=192.168.60.0/24
dst-address=192.168.24.0/24 log=no log-prefix=""
22 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.50.0/24 log=no log-prefix=""
23 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
24 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 log=no
log-prefix=""
25 chain=input action=drop in-interface=ether1 log=no log-prefix=""
NAT:
Code:
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
1 ;;; Pristup na QNAP TS-128
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=8080 protocol=tcp dst-address=10.251.0.10
dst-port=8080 log=yes log-prefix=""
2 ;;; Povol FTP z vonku
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=20-21 protocol=tcp dst-address=10.251.0.10
connection-type=ftp dst-port=20-21 log=yes log-prefix=""
-
- Advanced user
- Posts: 12259
- Registered: Wed 27 Apr 2011, 11:16
- Location: ta Blava, ňe ?
Re: Mikrotik - for beginners
damn, I didn't have this as a priority tonight
Re: Mikrotik - for beginners
It works - it was enough to add the ports once more below rule 2... I just don't understand why, when they are allowed in 2 as well... or maybe I'm imagining things
And I didn't know this about RouterOS, that when I enable UPnP, rules get created in NAT on their own as needed.. does that pose a security risk?
Or rather, now that I have the FTP server and the NAS web admin accessible from outside - do you have any tips for increasing security?
Code:
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
1 ;;; Pristup na QNAP TS-128
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=8080 protocol=tcp
dst-address=10.251.0.10 dst-port=8080 log=yes log-prefix=""
2 ;;; Povol FTP z vonku
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=20-21 protocol=tcp
dst-address=10.251.0.10 connection-type=ftp dst-port=20-21 log=yes log-prefix=""
3 ;;; Povol port pre FTP
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=21 protocol=tcp
dst-port=21 log=yes log-prefix=""
4 D ;;; upnp 192.168.5.10: 5528db0053bd0ac7bec8217b51bb5a8c-Web Admin
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=8080 protocol=tcp
dst-address=10.251.0.10 in-interface=ether1 dst-port=8080
5 D ;;; upnp 192.168.5.10: 5528db0053bd0ac7bec8217b51bb5a8c-Secure Web Admin
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=443 protocol=tcp
dst-address=10.251.0.10 in-interface=ether1 dst-port=443
6 D ;;; upnp 192.168.5.10: 5528db0053bd0ac7bec8217b51bb5a8c-Web Server/Multi
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=80 protocol=tcp
dst-address=10.251.0.10 in-interface=ether1 dst-port=80
7 D ;;; upnp 192.168.5.10: 5528db0053bd0ac7bec8217b51bb5a8c-Secure Web Serve
chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=8081 protocol=tcp
dst-address=10.251.0.10 in-interface=ether1 dst-port=8081
8 D ;;; upnp 192.168.24.97: Skype UDP at 192.168.24.97:25890 (3731)
chain=dstnat action=dst-nat to-addresses=192.168.24.97 to-ports=25890 protocol=udp
dst-address=10.251.0.10 in-interface=ether1 dst-port=25890
9 D ;;; upnp 192.168.2.98: Teredo
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=51925 protocol=udp
dst-address=10.251.0.10 in-interface=ether1 dst-port=51925
10 D ;;; upnp 192.168.24.94: uTorrent (TCP)
chain=dstnat action=dst-nat to-addresses=192.168.24.94 to-ports=31093 protocol=tcp
dst-address=10.251.0.10 in-interface=ether1 dst-port=31093
11 D ;;; upnp 192.168.24.94: uTorrent (UDP)
chain=dstnat action=dst-nat to-addresses=192.168.24.94 to-ports=31093 protocol=udp
dst-address=10.251.0.10 in-interface=ether1 dst-port=31093
12 D ;;; upnp 192.168.2.98: uTorrent (TCP)
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=tcp
dst-address=10.251.0.10 in-interface=ether1 dst-port=29126
13 D ;;; upnp 192.168.2.98: uTorrent (UDP)
chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=udp
dst-address=10.251.0.10 in-interface=ether1 dst-port=29126
Re: Mikrotik - for beginners
But you have UPnP turned on and the application simply made dynamic rules for itself; either turn it off on the interface or disable its use in the application. Skype and the like behave this way too, nothing unusual ...
It is trying to use an active connection instead of passive.
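An added example, not part of any post in the thread: a small Python audit of `/ip firewall nat print` output that shows which port forwards were opened dynamically by LAN hosts through UPnP, which manual rules are unscoped, and which expose FTP or an admin UI. The finding names and the `ADMIN_PORTS` set are assumptions of this example; the sample rules reuse lines from the listings posted above.

```python
import re

# Constructed sample: rules in the layout of the `nat print` listings posted in the thread.
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
 1    ;;; Pristup na QNAP TS-128
      chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=8080 protocol=tcp
      dst-address=10.251.0.10 dst-port=8080 log=yes log-prefix=""
 3    ;;; Povol port pre FTP
      chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=21 protocol=tcp
      dst-port=21 log=yes log-prefix=""
 4 D  ;;; upnp 192.168.5.10: 5528db0053bd0ac7bec8217b51bb5a8c-Web Admin
      chain=dstnat action=dst-nat to-addresses=192.168.5.10 to-ports=8080 protocol=tcp
      dst-address=10.251.0.10 in-interface=ether1 dst-port=8080
12 D  ;;; upnp 192.168.2.98: uTorrent (TCP)
      chain=dstnat action=dst-nat to-addresses=192.168.2.98 to-ports=29126 protocol=tcp
      dst-address=10.251.0.10 in-interface=ether1 dst-port=29126
"""

HEADER = re.compile(r"^\s*(\d+)\s+(?:([XID]{1,3})\s+)?(.*)$")
PROP = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
# Assumption: admin UI ports, from the thread's UPnP comments ("Web Admin" 8080, "Secure Web Admin" 443).
ADMIN_PORTS = {8080, 443}


def parse_nat_print(text):
    """Turn `/ip firewall nat print` output into a list of rule dicts."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("Flags:"):
            continue
        m = HEADER.match(line)
        if m:
            rest = m.group(3)
            rule = {"id": int(m.group(1)), "flags": m.group(2) or "", "comment": "", "props": {}}
            rules.append(rule)
            if rest.startswith(";;;"):
                rule["comment"] = rest[3:].strip()
                continue
            line = rest  # no comment: properties start on the header line
        if rules:
            for key, value in PROP.findall(line):
                rules[-1]["props"][key] = value.strip('"')
    return rules


def ports(spec):
    """Expand a RouterOS port spec such as '21' or '20-21,8080' to a set."""
    out = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def audit(rules):
    """Return (rule id, finding) pairs for enabled dst-nat rules."""
    findings = []
    for r in rules:
        p = r["props"]
        if p.get("action") != "dst-nat" or "X" in r["flags"]:
            continue  # not a port forward, or disabled
        exposed = ports(p.get("to-ports") or p.get("dst-port", ""))
        if "D" in r["flags"] and r["comment"].startswith("upnp"):
            findings.append((r["id"], "upnp"))           # opened by a LAN host, not by the admin
        if "in-interface" not in p and "dst-address" not in p:
            findings.append((r["id"], "unscoped"))       # also rewrites LAN-originated traffic
        if p.get("protocol") == "tcp" and 21 in exposed:
            findings.append((r["id"], "ftp-cleartext"))  # FTP sends credentials unencrypted
        if exposed & ADMIN_PORTS:
            findings.append((r["id"], "admin-ui"))       # management interface reachable via NAT
    return findings


if __name__ == "__main__":
    print(audit(parse_nat_print(SAMPLE)))
```

Dynamic `upnp` entries stop appearing once UPnP is switched off on the router (`/ip upnp set enabled=no`) or in the application, as the last reply suggests.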