Проброс оборудования во внешнюю сеть , через роутер Mikrotik

Errom

Posted February 7, 2017 (edited)

Добрый день . Обо всем по порядку:

Арендую сервер (VPS) на сайте ruvds.com (не реклама) там мне был выдан IP- адрес следующего вида: ххх.ххх.хх.хх1 по нему я захожу на сам сервер (RDP) на сервере установлен билинг, который в свою очередь связывается с сервером Mikrotik x86 по постоянному IP Mikrotik x86 имеет 4 порта (локальный адрес самого сервер 10.1.0.1)

Eth0 – входящий (приходит интернет от вышестоящего провайдера)(имеется постоянный IP- адрес следующего вида: ххх.ххх.хх.хх2)

Eth1 – проводом подключен Ubiquiti Nanostation M2 (адрес устройства 10.1.0.5)

Eth2– проводом подключен Mikrotik RB411GL (адрес устройства 10.1.0.2)

Eth3- порт с подключенным роутером TP-Link WA941 (на порту eth3 весит DHCP сервер и раздает адрес в диапазоне 192.168.1.2-192.168.1.5)

Так вот в чем соль моего вопроса, захожу я на сервер с биллингом по по RDP , и хочу зайти например на Ubiquiti Nanostation M2(10.1.0.5) каким образом я могу это сделать , как прокинуть это устройство во внешнюю сеть , что бы его мониторить тоже. Буду очень рад помощи.

VPN не вариант использовать если соединение поднимается с сервером Mikrotik x86 то сервер (RDP) не доступен пока не перезагрузишь сервер.

Так как ограничение на сообщение пишу ниже

1)Зачем вам заходить с сервера? Феншуй?

ТАк удобнее , при проблеме у клиента, первым делом смотрю наличие блокировок , может баланс отрицательный, если нет , то хотелось бы зайти на точку , как минимум посмотреть уровни сигналов и прочую инф-ю.

2)На микротике белый IP, авторизация какая?

Да белый ip , авторизация от провайдера PPPoE , клиенты тоже авторизуются по PPPoE

3) Можно сделать проброс портов на микротике и заходить уже по порту.

Можно , знать бы как это сделать

4)Вы не указали, как вы хотите зайти SSH или Web??

WEB + winbox

5)Может стоит скинуть конфиг микротика?

Сейчас Ниже:

# feb/07/2017 17:34:00 by RouterOS 5.26# software id = W5EY-LHT9
#

/interface bridge

add l2mtu=16383 name="PPPoE Bridge"

/interface ethernet

set 0 name="WAN TTK"

set 1 arp=proxy-arp disabled=yes name="MikroBILL Service"

set 2 arp=proxy-arp disabled=yes name="MikroBILL INTERNET"

set 3 disabled=yes name="MikroBILL VPN"

set 4 name="HOME NETWORK"

set 5 arp=proxy-arp name="vPPPoE Server \B93"

set 6 auto-negotiation=no full-duplex=no name="vPPPoE Server \B91(Mik)"

set 7 name="vPPPoE Server \B92(UBNT)"

/interface pppoe-client

add add-default-route=yes disabled=no interface="WAN TTK" name="PPPoE Client" \    password=121212211 use-peer-dns=yes user=1212112121

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip hotspot user profile

set [ find default=yes ] idle-timeout=none keepalive-timeout=2m

/ip pool

add name="HOME DHCP" ranges=192.168.1.2-192.168.1.5

add name="MikroBILL_PPPoE Pool IP" ranges=10.1.0.20-10.1.254.254

/ip dhcp-server

add add-arp=yes address-pool="HOME DHCP" disabled=no interface="HOME NETWORK" \    name="HOME DHCP SERVER"

/port

set 1 name=usb5

/queue simple

add max-limit=50M/50M name="HOME PC" priority=1 target-addresses=\    192.168.1.0/24

/queue type

add kind=pfifo name=MikroBILL_PFIFO

add kind=sfq name=MikroBILL_SFQ

add kind=pcq name=MikroBILL_PCQ_DOWN pcq-classifier=dst-address \    pcq-total-limit=600

add kind=pcq name=MikroBILL_PCQ_UP pcq-classifier=src-address \    pcq-total-limit=600

set 11 kind=sfq sfq-perturb=60

/queue simple

add burst-limit=1208320/4833280 burst-threshold=921600/3686400 burst-time=\    15s/15s comment="AIR 4\\HUPSK9JB|8" limit-at=1/1 max-limit=1024k/4096k \    name=MikroBILL_HUPSK9JB priority=7 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.11/32

add burst-threshold=460800/2764800 burst-time=1s/1s comment=\    "Unlimited 3\\VU7SP01K|2" limit-at=1/1 max-limit=512k/3072k name=\    MikroBILL_VU7SP01K priority=7 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.17/32

add burst-threshold=460800/2764800 burst-time=1s/1s comment=\    "Unlimited 3\\EHNP3NHJ|4" limit-at=1/1 max-limit=512k/3072k name=\    MikroBILL_EHNP3NHJ priority=7 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.9/32

add burst-limit=1208320/3624960 burst-threshold=921600/2764800 burst-time=\    15s/15s comment="AIR 3\\ZII6QC1P|5" limit-at=1/1 max-limit=1024k/3072k \    name=MikroBILL_ZII6QC1P priority=7 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.18/32

add burst-limit=1208320/12083200 burst-threshold=921600/9216k burst-time=\    15s/15s comment="AIR 10\\RUVL2WYR|1" limit-at=1/1 max-limit=1024k/10240k \    name=MikroBILL_RUVL2WYR priority=5 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.14/32

add burst-threshold=460800/1843200 burst-time=1s/1s comment=\    "Unlimited 2\\SN68745|0" limit-at=1/1 max-limit=512k/2048k name=\    MikroBILL_SN68745 priority=7 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.15/32

add burst-threshold=921600/4608k burst-time=1s/1s comment=\    "Unlimited 5\\TCZOBBVV|7" limit-at=1/1 max-limit=1024k/5120k name=\    MikroBILL_TCZOBBVV priority=6 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.16/32

add burst-limit=1382400/5529600 burst-threshold=921600/3686400 burst-time=\    35s/35s comment="AIR 4 (\C0\F0\F5\E8\E2)\\H22DJ7Y0|10" limit-at=1/1 \    max-limit=1024k/4096k name=MikroBILL_H22DJ7Y0 priority=7 queue=\    MikroBILL_SFQ/MikroBILL_SFQ target-addresses=10.1.0.20/32

add burst-threshold=460800/1843200 burst-time=1s/1s comment=\    "Unlimited 2\\HKKXZ252|3" limit-at=1/1 max-limit=512k/2048k name=\    MikroBILL_HKKXZ252 priority=7 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.10/32

add burst-limit=1024k/5120k burst-threshold=921600/4608k burst-time=1s/1s \    comment="Unlimited 5\\QNJM5UVF|9" limit-at=1/1 max-limit=1024k/5120k \    name=MikroBILL_QNJM5UVF priority=6 queue=MikroBILL_SFQ/MikroBILL_SFQ \    target-addresses=10.1.0.13/32

/tool user-manager customer

add backup-allowed=yes disabled=no login=admin password="" \    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \    permissions=owner signup-allowed=no time-zone=-00:00

/interface bridge port

add bridge="PPPoE Bridge" interface="vPPPoE Server \B93"

add bridge="PPPoE Bridge" interface="vPPPoE Server \B92(UBNT)"

add bridge="PPPoE Bridge" interface="vPPPoE Server \B91(Mik)"

/interface bridge settings

set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \    use-ip-firewall-for-vlan=yes

/interface l2tp-server server

set authentication=mschap1,mschap2

/interface pppoe-server server

add disabled=no interface="PPPoE Bridge" one-session-per-host=yes \    service-name="PPPoE Server"

/interface pptp-server server

set enabled=yes

/ip address

add address=192.168.1.1/24 interface="HOME NETWORK"

add address=10.1.0.1/24 interface="PPPoE Bridge"

/ip dhcp-client

add default-route-distance=0 interface="WAN TTK"

/ip dhcp-server lease

add address=192.168.1.5 always-broadcast=yes client-id=1:f8:1a:67:c5:57:e9 \    mac-address=F8:1A:67:C5:57:E9 server="HOME DHCP SERVER"

/ip dhcp-server network

add address=192.168.1.0/24 dns-server=141.105.32.88 domain="Home Network" \    gateway=192.168.1.1 netmask=24

/ip dns

set allow-remote-requests=yes cache-size=19048KiB servers=\    141.105.32.88,141.105.32.89

/ip dns static

add address=192.168.2.3 disabled=yes name=www.skynet38.ru

add address=192.168.2.3 disabled=yes name=skynet38.ru

add address=192.168.2.3 disabled=yes name=http://skynet38.ru

add address=192.168.2.3 disabled=yes name=https://skynet38.ru

add address=192.168.2.3 disabled=yes name=https://www.skynet38.ru

/ip firewall address-list

add address=10.1.0.0/24 comment="All Drop in 10.1.0.0/24" list=\    MikroBill_All_Drop

add address=192.168.3.2 list=WEB

add address=194.54.14.129 comment=MIKROBILL_HOST_SBRF.RU list=\    "\C7\E0\E3\EB\F3\F8\EA\E0"

add address=141.105.32.89 list="\C7\E0\E3\EB\F3\F8\EA\E0"

add address=141.105.32.88 list="\C7\E0\E3\EB\F3\F8\EA\E0"

add address=192.168.3.2 list="\C7\E0\E3\EB\F3\F8\EA\E0"

add address=192.168.2.3 list="\C7\E0\E3\EB\F3\F8\EA\E0"

add address=188.168.26.231 list="\C7\E0\E3\EB\F3\F8\EA\E0"

add address=91.232.230.48 list="\C7\E0\E3\EB\F3\F8\EA\E0"

add address=194.54.14.129 comment=MIKROBILL_HOST_SBRF.RU list=\    "\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=141.105.32.89 list="\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=141.105.32.88 list="\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=192.168.3.2 list="\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=192.168.2.3 list="\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=188.168.26.231 list="\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=91.232.230.48 list="\C7\E0\E3\EB\F3\F8\EA\E0 2"

add address=194.54.14.140 comment=MIKROBILL_HOST_ACS2.SBRF.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=217.14.50.132 comment=MIKROBILL_HOST_3DS.VTB24.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=77.88.21.131 comment=MIKROBILL_HOST_AWAPS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=93.158.134.131 comment=MIKROBILL_HOST_AWAPS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.204.131 comment=MIKROBILL_HOST_AWAPS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.250.131 comment=MIKROBILL_HOST_AWAPS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.193.131 comment=MIKROBILL_HOST_AWAPS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=178.154.131.217 comment=MIKROBILL_HOST_YANDEX.ST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=178.154.131.216 comment=MIKROBILL_HOST_YANDEX.ST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=178.154.131.215 comment=MIKROBILL_HOST_YANDEX.ST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=77.88.21.21 comment=MIKROBILL_HOST_CSS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.204.21 comment=MIKROBILL_HOST_CSS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.204.51 comment=MIKROBILL_HOST_PASS.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.250.24 comment=MIKROBILL_HOST_PASSPORT.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.251.24 comment=MIKROBILL_HOST_PASSPORT.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=77.88.21.24 comment=MIKROBILL_HOST_PASSPORT.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.193.24 comment=MIKROBILL_HOST_PASSPORT.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.204.24 comment=MIKROBILL_HOST_PASSPORT.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=185.71.78.14 comment=MIKROBILL_HOST_MONEY.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=109.235.165.142 comment=MIKROBILL_HOST_MONEY.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=178.154.131.217 comment=MIKROBILL_HOST_YASTATIC.NET list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=178.154.131.215 comment=MIKROBILL_HOST_YASTATIC.NET list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=178.154.131.216 comment=MIKROBILL_HOST_YASTATIC.NET list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=77.88.21.14 comment=MIKROBILL_HOST_CLCK.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.250.14 comment=MIKROBILL_HOST_CLCK.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.204.14 comment=MIKROBILL_HOST_CLCK.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.193.14 comment=MIKROBILL_HOST_CLCK.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.251.14 comment=MIKROBILL_HOST_CLCK.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.250.119 comment=MIKROBILL_HOST_MC.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=93.158.134.119 comment=MIKROBILL_HOST_MC.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.251.119 comment=MIKROBILL_HOST_MC.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.193.119 comment=MIKROBILL_HOST_MC.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=192.225.158.2 comment=MIKROBILL_HOST_AA.ONLINE-METRIX.NET list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=91.232.230.48 comment=MIKROBILL_HOST_QIWI.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=91.232.230.50 comment=MIKROBILL_HOST_QIWI.COM list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=91.232.230.68 comment=MIKROBILL_HOST_W.QIWI.COM list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.190.172.18 comment=MIKROBILL_HOST_PAYMENTS.MTSBANK.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=82.196.67.37 comment=MIKROBILL_HOST_3DSP.VTB24.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=185.71.78.15 comment=MIKROBILL_HOST_SP-MONEY.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=109.235.165.143 comment=MIKROBILL_HOST_SP-MONEY.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=192.225.158.17 comment=MIKROBILL_HOST_S4.MONEY.YANDEX.NET list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=93.158.134.14 comment=MIKROBILL_HOST_CLCK.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.67.29.230 comment=MIKROBILL_HOST_SC.RS.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=91.232.230.41 comment=MIKROBILL_HOST_W.QIWI.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=176.34.247.152 comment=MIKROBILL_HOST_OCSP-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=54.228.209.190 comment=MIKROBILL_HOST_OCSP-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=93.190.87.221 comment=MIKROBILL_HOST_ACS1.3DS.MODIRUM.COM list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.98.167.129 comment=MIKROBILL_HOST_WWW.OPENTRUST.COM list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=93.190.87.221 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.190.172.18 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=82.196.67.37 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=217.14.50.132 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.67.29.230 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=217.12.97.112 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=91.232.230.67 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=173.45.161.113 comment=MIKROBILL_LAN_LIST list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=87.250.250.201 comment=MIKROBILL_HOST_SOCIAL.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.204.201 comment=MIKROBILL_HOST_SOCIAL.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=213.180.193.201 comment=MIKROBILL_HOST_SOCIAL.YANDEX.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=109.235.163.229 comment=MIKROBILL_HOST_PAYMENTCARD.YAMONEY.RU \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.54.14.139 comment=MIKROBILL_HOST_ACS1.SBRF.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.54.14.155 comment=MIKROBILL_HOST_ACS3.SBRF.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=194.54.14.158 comment=MIKROBILL_HOST_ACS4.SBRF.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=188.168.26.231 comment=MIKROBILL_HOST_SKYNET38.RU list=\    "WEB-\E7\E0\E3\EB\F3\F8\EA\E0"

add address=188.168.26.231 comment=MIKROBILL_HOST_WWW.SKYNET38.RU list=\    "WEB-\E7\E0\E3\EB\F3\F8\EA\E0"

add address=188.168.26.231 comment=MIKROBILL_LAN_LIST list=\    "WEB-\E7\E0\E3\EB\F3\F8\EA\E0"

add address=194.176.100.120 comment=MIKROBILL_HOST_3DS.MDMBANK.RU list=\    "\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.215 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.170 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.200 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.245 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.113 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.153 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.201 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=52.222.174.162 comment=MIKROBILL_HOST_CRL-SSL.CERTIFICAT2.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=173.194.122.254 comment=MIKROBILL_HOST_SSL.GOOGLE-ANALYTICS.COM \    list="\CF\EB\E0\F2\E5\E6\ED\FB\E5 \F1\E8\F1\F2\E5\EC\FB"

add address=10.1.0.13 comment="Unlimited 5\\QNJM5UVF|9" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.13 comment="Unlimited 5\\QNJM5UVF|9" list=MikroBill_Users

add address=10.1.0.13 comment=\    "MikroBill_Linked_Users__Unlimited 5\\QNJM5UVF|9" list=\    "MikroBILL_Tarif_Unlimited 5"

add address=10.1.0.12 comment="Unlimited 3\\P806439A|6" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.12 comment="Unlimited 3\\P806439A|6" list=MikroBill_Users

add address=10.1.0.12 comment=\    "MikroBill_Linked_Users__Unlimited 3\\P806439A|6" list=\    "MikroBILL_Tarif_Unlimited 3"

add address=10.1.0.18 comment="MikroBill_Linked_Users__AIR 3\\ZII6QC1P|5" \    list="MikroBILL_Tarif_AIR 3"

add address=10.1.0.18 comment="AIR 3\\ZII6QC1P|5" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.18 comment="AIR 3\\ZII6QC1P|5" list=MikroBill_Users

add address=10.1.0.15 comment=\    "MikroBill_Linked_Users__Unlimited 2\\SN68745|0" list=\    "MikroBILL_Tarif_Unlimited 2"

add address=10.1.0.15 comment="Unlimited 2\\SN68745|0" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.15 comment="Unlimited 2\\SN68745|0" list=MikroBill_Users

add address=10.1.0.14 comment="AIR 10\\RUVL2WYR|1" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.14 comment="AIR 10\\RUVL2WYR|1" list=MikroBill_Users

add address=10.1.0.9 comment=\    "MikroBill_Linked_Users__Unlimited 3\\EHNP3NHJ|4" list=\    "MikroBILL_Tarif_Unlimited 3"

add address=10.1.0.17 comment=\    "MikroBill_Linked_Users__Unlimited 3\\VU7SP01K|2" list=\    "MikroBILL_Tarif_Unlimited 3"

add address=10.1.0.9 comment="Unlimited 3\\EHNP3NHJ|4" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.9 comment="Unlimited 3\\EHNP3NHJ|4" list=MikroBill_Users

add address=10.1.0.17 comment="Unlimited 3\\VU7SP01K|2" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.17 comment="Unlimited 3\\VU7SP01K|2" list=MikroBill_Users

add address=10.1.0.10 comment=\    "MikroBill_Linked_Users__Unlimited 2\\HKKXZ252|3" list=\    "MikroBILL_Tarif_Unlimited 2"

add address=10.1.0.10 comment="Unlimited 2\\HKKXZ252|3" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.10 comment="Unlimited 2\\HKKXZ252|3" list=MikroBill_Users

add address=10.1.0.20 comment="AIR 4 (\C0\F0\F5\E8\E2)\\H22DJ7Y0|10" \    disabled=yes list=MikroBill_OFF_Users

add address=10.1.0.20 comment="AIR 4 (\C0\F0\F5\E8\E2)\\H22DJ7Y0|10" list=\    MikroBill_Users

add address=10.1.0.11 comment="MikroBill_Linked_Users__AIR 4\\HUPSK9JB|8" \    list="MikroBILL_Tarif_AIR 4"

add address=10.1.0.11 comment="AIR 4\\HUPSK9JB|8" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.11 comment="AIR 4\\HUPSK9JB|8" list=MikroBill_Users

add address=10.1.0.16 comment=\    "MikroBill_Linked_Users__Unlimited 5\\TCZOBBVV|7" list=\    "MikroBILL_Tarif_Unlimited 5"

add address=10.1.0.16 comment="Unlimited 5\\TCZOBBVV|7" disabled=yes list=\    MikroBill_OFF_Users

add address=10.1.0.16 comment="Unlimited 5\\TCZOBBVV|7" list=MikroBill_Users

add address=10.1.0.20 comment=\    "MikroBill_Linked_Users__AIR 4 (\C0\F0\F5\E8\E2)\\H22DJ7Y0|10" list=\    "MikroBILL_Tarif_AIR 4 (\C0\F0\F5\E8\E2)"

add address=10.1.0.13 comment="Unlimited 5\\QNJM5UVF|9" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.16 comment="Unlimited 5\\TCZOBBVV|7" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.12 comment="Unlimited 3\\P806439A|6" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.18 comment="AIR 3\\ZII6QC1P|5" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.9 comment="Unlimited 3\\EHNP3NHJ|4" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.10 comment="Unlimited 2\\HKKXZ252|3" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.17 comment="Unlimited 3\\VU7SP01K|2" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.14 comment="MikroBill_Linked_Users__AIR 10\\RUVL2WYR|1" \    list="MikroBILL_Tarif_AIR 10"

add address=194.87.94.92 comment="All Drop in 194.87.94.92" list=\    MikroBill_All_Drop

add address=192.168.2.3 comment=SERVER list=MikroBill_Users

add address=194.87.94.92 comment=SERVER list=MikroBill_Users

add address=10.1.0.11 comment="AIR 4\\HUPSK9JB|8" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=194.87.94.92 comment=MIKROBILL_HOST_SKYNET38.RU list=WhiteHosts

add address=194.87.94.92 comment=MIKROBILL_LAN_LIST list=WhiteHosts

add address=10.1.0.22 comment="AIR 8\\\C4\EB\FF \EF\F0\EE\E2\E5\F0\EA\E8 \F2\

   \E5\F1\F2 \E7\E0\E9\EC\FB|11" list=MikroBill_Users

add address=10.1.0.22 comment="AIR 8\\\C4\EB\FF \EF\F0\EE\E2\E5\F0\EA\E8 \F2\

   \E5\F1\F2 \E7\E0\E9\EC\FB|11" list=\    "MikroBill_LinkedServices_SMS-\C8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.1.0.22 comment="MikroBill_Linked_Users__AIR 8\\\C4\EB\FF \EF\F0\

   \EE\E2\E5\F0\EA\E8 \F2\E5\F1\F2 \E7\E0\E9\EC\FB|11" list=\    "MikroBILL_Tarif_AIR 8"

add address=10.1.0.22 comment="AIR 8\\\C4\EB\FF \EF\F0\EE\E2\E5\F0\EA\E8 \F2\

   \E5\F1\F2 \E7\E0\E9\EC\FB|11" disabled=yes list=MikroBill_OFF_Users

/ip firewall filter

add chain=forward comment=\    "MikroBILL_\CB\E8\F7\ED\FB\E9 \EA\E0\E1\E8\ED\E5\F2 UDP_56845247131204" \    dst-address-list=WhiteHosts protocol=udp

add chain=forward comment=\    "MikroBILL_\CB\E8\F7\ED\FB\E9 \EA\E0\E1\E8\ED\E5\F2 TCP_27181627770673" \    dst-address-list=WhiteHosts protocol=tcp src-address-list=WhiteHosts

add chain=forward comment=MikroBILL_Server2 dst-address=194.87.94.92

add chain=forward comment=MikroBILL_Users2 dst-address-list=MikroBill_Users

add action=drop chain=forward comment=MikroBILL_Flood_Killer \    src-address-list=MikroBILL_BLOCKED_FLOOD

add action=add-src-to-address-list address-list=MikroBILL_BLOCKED_FLOOD \    address-list-timeout=3m chain=forward comment=MikroBILL_Block_Flood \    connection-limit=20,32 dst-port=80 protocol=tcp src-address-list=\    MikroBill_OFF_Users

add chain=forward comment=MikroBILL_Server src-address=194.87.94.92

add chain=forward comment=MikroBILL_WhiteList dst-address-list=WhiteHosts

add chain=forward comment=MikroBILL_Users src-address-list=MikroBill_Users

add action=drop chain=forward comment=MikroBILL_Blocked_Users \    src-address-list=MikroBill_All_Drop

add action=drop chain=input comment=\    "\D3\E1\E8\F0\E0\E5\EC \F1\E5\F1\F1\E8\E8 \F1 \EE\F8\E8\E1\EA\E0\EC\E8" \    connection-state=invalid

add action=drop chain=forward comment=MikroBILL_Blocked_Users2 \    dst-address-list=MikroBill_All_Drop

/ip firewall nat

add action=netmap chain=dstnat comment="MIKROBILL 2WEB-CAP" disabled=yes \    dst-address=!192.168.2.3 dst-address-list=!WhiteHosts dst-port=80 \    protocol=tcp src-address-list=!MikroBill_Users to-addresses=192.168.2.3 \    to-ports=82

add action=masquerade chain=srcnat comment="MIKROBILL USERS NAT" \    src-address-list=MikroBill_All_Drop to-addresses=0.0.0.0

add action=masquerade chain=srcnat src-address=192.168.1.0/24

add action=masquerade chain=srcnat dst-address=!10.0.0.0/8 src-address=\    10.1.0.0/16

add action=netmap chain=dstnat comment="MIKROBILL WEB-CAP" dst-address=\    !194.87.94.92 dst-address-list=!WhiteHosts dst-port=80 protocol=tcp \    src-address-list=MikroBill_OFF_Users to-addresses=194.87.94.92 to-ports=\    81

/ip firewall service-port

set ftp disabled=yes

set tftp disabled=yes

set irc disabled=yes

set h323 disabled=yes

set sip disabled=yes

/ip neighbor discovery

set "WAN TTK" disabled=yes

set "MikroBILL Service" disabled=no

set "MikroBILL INTERNET" disabled=no

set "MikroBILL VPN" disabled=no

/ip proxy

set port=81

/ip service

set telnet disabled=yes

set ftp disabled=yes

set ssh disabled=yes

set www-ssl disabled=no

set api disabled=no

/ip traffic-flow

set active-flow-timeout=2m enabled=yes inactive-flow-timeout=30s

/ip traffic-flow target

add address=192.168.2.3 version=5

/ppp secret

add comment="Unlimited 5\\QNJM5UVF   (MikroBill)|9" local-address=10.1.0.1 \    name=QNJM5UVF password=YSM92V remote-address=10.1.0.13 service=pppoe

add comment="AIR 4\\HUPSK9JB   (MikroBill)|8" local-address=10.1.0.1 name=\    HUPSK9JB password=H8PR5LQO remote-address=10.1.0.11 service=pppoe

add comment="Unlimited 3\\EHNP3NHJ   (MikroBill)|4" local-address=10.1.0.1 \    name=EHNP3NHJ password=NAR96DO6 remote-address=10.1.0.9 service=pppoe

add comment="Unlimited 5\\TCZOBBVV   (MikroBill)|7" local-address=10.1.0.1 \    name=TCZOBBVV password=R1KF9DHD remote-address=10.1.0.16 service=pppoe

add comment="Unlimited 3\\VU7SP01K   (MikroBill)|2" local-address=10.1.0.1 \    name=VU7SP01K password=L2M8BDNV remote-address=10.1.0.17 service=pppoe

add comment="Unlimited 2\\HKKXZ252   (MikroBill)|3" local-address=10.1.0.1 \    name=HKKXZ252 password=H3TX72CB remote-address=10.1.0.10 service=pppoe

add comment="AIR 3\\ZII6QC1P   (MikroBill)|5" local-address=10.1.0.1 name=\    ZII6QC1P password=JN3T4QDJ remote-address=10.1.0.18 service=pppoe

add comment="AIR 10\\RUVL2WYR   (MikroBill)|1" local-address=10.1.0.1 name=\    RUVL2WYR password=R8Q62WEK remote-address=10.1.0.14 service=pppoe

add comment="Unlimited 3\\P806439A   (MikroBill)|6" local-address=10.1.0.1 \    name=P806439A password=I0S9EERD remote-address=10.1.0.12 service=pppoe

add comment="AIR 4 (\C0\F0\F5\E8\E2)\\H22DJ7Y0   (MikroBill)|10" \    local-address=10.1.0.1 name=H22DJ7Y0 password=07M63LZZ remote-address=\    10.1.0.20 service=pppoe

add comment="AIR 8\\\C4\EB\FF \EF\F0\EE\E2\E5\F0\EA\E8 \F2\E5\F1\F2 \E7\E0\E9\

   \EC\FB   (MikroBill)|11" local-address=10.1.0.1 name=Admin1 password=\    Admin1 remote-address=10.1.0.22 service=pppoe

add comment="Unlimited 2\\SN68745   (MikroBill)|0" local-address=10.1.0.1 \    name=SN68745 password=CaEp6WV0tv remote-address=10.1.0.15 service=pppoe

add comment=teeeeest local-address=10.1.0.1 name=spo_kirindas password=test \    remote-address=10.1.0.254 routes=10.1.0.1 service=pptp

/system clock manual

set dst-delta=+07:00 time-zone=+08:00

/system identity

set name="CCR 8G+"

/system lcd

set contrast=0 enabled=no port=parallel type=24x4

/system lcd page

set time disabled=yes display-time=5s

set resources disabled=yes display-time=5s

set uptime disabled=yes display-time=5s

set packets disabled=yes display-time=5s

set bits disabled=yes display-time=5s

set version disabled=yes display-time=5s

set identity disabled=yes display-time=5s

set "PPPoE Bridge" disabled=yes display-time=5s

set "vPPPoE Server \B92(UBNT)" disabled=yes display-time=5s

set "PPPoE Client" disabled=yes display-time=5s

set "vPPPoE Server \B91(Mik)" disabled=yes display-time=5s

set "vPPPoE Server \B93" disabled=yes display-time=5s

set "HOME NETWORK" disabled=yes display-time=5s

set "MikroBILL VPN" disabled=yes display-time=5s

set "MikroBILL INTERNET" disabled=yes display-time=5s

set "MikroBILL Service" disabled=yes display-time=5s

set "WAN TTK" disabled=yes display-time=5s

set <pppoe-ZII6QC1P> disabled=yes display-time=5s

set <pppoe-EHNP3NHJ> disabled=yes display-time=5s

set <pppoe-VU7SP01K> disabled=yes display-time=5s

set <pppoe-HKKXZ252> disabled=yes display-time=5s

set <pppoe-SN68745> disabled=yes display-time=5s

set <pppoe-QNJM5UVF> disabled=yes display-time=5s

set <pppoe-TCZOBBVV> disabled=yes display-time=5s

set <pppoe-HUPSK9JB> disabled=yes display-time=5s

set <pppoe-H22DJ7Y0> disabled=yes display-time=5s

/system ntp client

set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=109.195.19.73

/system ntp server

set enabled=yes

/system scheduler

add comment="\C5\E6\E5\EC\E5\F1\E5\F7\ED\EE\E5 \F1\EE\E7\E4\E0\ED\E8\E5 \F0\E5\

   \E7\E5\F0\E2\ED\EE\E9 \EA\EE\EF\E8\E8" interval=4w2d name=BackUP \    on-event="{/system backup save name=Month}" policy=\    ftp,reboot,read,write,winbox,api start-date=may/25/2015 start-time=\    04:30:00

/system watchdog

set automatic-supout=no no-ping-delay=3m watch-address=8.8.8.8

/tool graphing interface

add interface="PPPoE Bridge"

add interface="HOME NETWORK"

add interface="MikroBILL INTERNET"

add interface="MikroBILL Service"

/tool netwatch

add comment="\CF\F0\EE\E2\E5\F0\EA\E0 \E4\EE\F1\F2\F3\EF\E0 \EA \E8\ED\F2\E5\

   \F0\ED\E5\F2\F3" disabled=yes down-script="/tool sms send usb5 \"+79641093\

   331\" message=\"MIKROTIK SkyCORE Disable\"\r\

   \n/tool sms send usb5 \"+79500630686\" message=\"MIKROTIK SkyCORE Disable\

   \"" host=8.8.8.8 interval=2m up-script="/tool sms send usb5 \"+79641093331\

   \" message=\"MIKROTIK SkyCORE Enable\"\r\

   \n/tool sms send usb5 \"+79500630686\" message=\"MIKROTIK SkyCORE Enable\"\

   "

add comment="\CF\F0\EE\E2\E5\F0\EA\E0 \E4\EE\F1\F2\F3\EF\ED\EE\F1\F2\E8 NanoSt\

   ation M2" disabled=yes down-script="/tool sms send usb5 \"+79641093331\" m\

   essage=\"NanoStation M2 Disable\"\r\

   \n/tool sms send usb5 \"+79500630686\" message=\"NanoStation M2 Disable\"" \    host=10.1.0.5 up-script="/tool sms send usb5 \"+79641093331\" message=\"Na\

   noStation M2 Enable\"\r\

   \n/tool sms send usb5 \"+79500630686\" message=\"NanoStation M2 Enable\""

add comment="\CF\F0\EE\E2\E5\F0\EA\E0 \E4\EE\F1\F2\F3\EF\ED\EE\F1\F2\E8 BS MIK\

   ROTIK RB411GL" disabled=yes down-script="/tool sms send usb5 \"+7964109333\

   1\" message=\"MIKROTIK BASE STATION Disable\"\r\

   \n/tool sms send usb5 \"+79500630686\" message=\"MIKROTIK BASE STATION Dis\

   able\"" host=10.1.0.2 interval=30s up-script="/tool sms send usb5 \"+79641\

   093331\" message=\"MIKROTIK BASE STATION Enable\"\r\

   \n/tool sms send usb5 \"+79500630686\" message=\"MIKROTIK BASE STATION Ena\

   ble\""

[skynet@CCR 8G+] >

Edited February 7, 2017 by Errom

Share this post

Link to post

Share on other sites

pingz

Posted February 7, 2017

Зачем вам заходить с сервера? Феншуй?

На микротике белый IP, авторизация какая?

Можно сделать проброс портов на микротике и заходить уже по порту.

Вы не указали, как вы хотите зайти SSH или Web??

Может стоит скинуть конфиг микротика?

З.Ы. ИМХО лучше использовать VPN у меня в сети отдельный микротик под это стоит(раньше совмещали пока нагрузка в офисе не увеличилась) Проблем вообще нет.

Share this post

Link to post

Share on other sites

Nuts

Posted February 7, 2017

Самое простое - dst-nat'ить веб-интерфейс Nanostation (там ведь веб-интерфейс, верно?) на внешний IP Mikrotik x86, при этом разрешать подключения только с IP билинга.

Либо правильно настроить маршруты на стороне билинга, чтобы при подключенном VPN не терять к нему доступ. К VPS, скорее всего, можно подключиться через VNC консоль.

Share this post

Link to post

Share on other sites

PLZ2

Posted February 7, 2017 (edited)

а почему у вас нанос в этой же сети? назначьте ему другую подсеть

Sign In

Errom

Share this post

Link to post

Share on other sites

pingz

Share this post

Link to post

Share on other sites

Nuts

Share this post

Link to post

Share on other sites

PLZ2

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in