Если нужна доп. инфо — спрашивайте, я ещё не силён в микротиках.
P.S. Прошу прощения, изначально была допущена ошибка: недоступен только сам роутер-клиент, однако локалка этого клиента открывается (IP-камеры, принтеры). То есть проблема в том, что не могу зайти в веб-оболочку роутера-клиента через внешний интерфейс роутера-сервера; из локалки по IP заходит нормально.
ЗЫ: необходимость заходить на клиент через сервер обусловлена тем, что клиент имеет инет через 3G-модем, у которого серый IP, то есть DDNS не проканает. Белый IP есть только у роутера-сервера.
export:
# apr/13/2016 12:30:12 by RouterOS 6.34.4
# software id = 4W29-ZFQ9
#
# Layer-2 and physical interfaces. Every interface here is pinned to mtu=1492.
/interface bridge
add admin-mac=D4:CA:6D:DD:95:01 auto-mac=no mtu=1492 name=bridge-local
/interface wireless
# wlan1 runs as an access point (mode=ap-bridge); SSID is masked in the post.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=russia disabled=no distance=indoors frequency=2422 mode=ap-bridge \
mtu=1492 ssid=*********** wireless-protocol=802.11
/interface ethernet
# ether1 is renamed to the WAN uplink; ether2 is the switch master and
# ether3-5 are its slave ports (master-port=ether2-master-local).
set [ find default-name=ether1 ] mtu=1492 name=ether1-gateway
set [ find default-name=ether2 ] mtu=1492 name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local mtu=1492 \
name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local mtu=1492 \
name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local mtu=1492 \
name=ether5-slave-local
/interface eoip
# Two EoIP tunnels. Their endpoints (1.1.1.1 to 1.1.1.3 and 1.1.1.1 to 1.1.1.2)
# are the local/remote addresses of the PPTP secrets under /ppp secret, so the
# tunnels run inside those PPTP sessions. EoIP adds no encryption or
# authentication of its own; the only protection is what PPTP provides.
# NOTE(review): 1.1.1.0/24 is publicly routable address space, not RFC 1918;
# a private range would avoid shadowing real internet addresses.
# NOTE(review): "!keepalive" leaves keepalive unset, so the tunnel interface
# presumably does not track whether the peer is alive - confirm.
add !keepalive local-address=1.1.1.1 mac-address=02:94:F2:51:3A:13 name=\
eoip-agar remote-address=1.1.1.3 tunnel-id=2
add !keepalive local-address=1.1.1.1 mac-address=02:94:F6:D9:89:26 name=\
eoip-sklad remote-address=1.1.1.2 tunnel-id=1
/ip neighbor discovery
# Neighbor discovery is switched off on wlan1 only.
# NOTE(review): an export lists only non-default values, so discovery is
# presumably still on for the other interfaces, including ether1-gateway;
# confirm and disable it on the WAN side so the router does not advertise its
# identity and version upstream.
set wlan1 discover=no
/interface wireless security-profiles
# Default profile: only wpa2-psk is offered. A wpa-pre-shared-key is also set
# but is not used while authentication-types excludes wpa-psk. Both keys are
# masked in the post.
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
wpa-pre-shared-key=*********** wpa2-pre-shared-key=*********
/ip ipsec proposal
# NOTE(review): the default proposal is limited to 3des, a legacy cipher.
# No IPsec peer or policy appears in this export, so the proposal looks
# unused; if IPsec is introduced (e.g. to replace PPTP), use an AES option
# such as aes-256-cbc instead.
set [ find default=yes ] enc-algorithms=3des
# DHCP pool and server for the office LAN on bridge-local.
/ip pool
add name=dhcp ranges=192.168.2.100-192.168.2.199
/ip dhcp-server
# add-arp=yes makes the server add an ARP entry for each lease it hands out.
add add-arp=yes address-pool=dhcp disabled=no interface=bridge-local \
lease-time=3d name=office
/port
set 0 name=usb1
/interface ppp-client
# PPP client on the USB port (apn=internet).
# NOTE(review): no "disabled" flag is exported, so this modem link may be
# active; if so it is a second internet-facing interface that the NAT and
# firewall rules keyed on ether1-gateway do not mention - confirm.
add apn=internet name=ppp-out1 port=usb1
/system logging action
# NOTE(review): the memory log keeps 100 lines and disk log files 100 lines
# each. On a router with services reachable from the internet that is very
# little history for incident review; consider a remote syslog action.
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
# bridge-local joins the wired LAN, the Wi-Fi and both EoIP tunnels into one
# broadcast domain. Hosts at the remote sites are therefore layer-2 neighbours
# of the office LAN, and every rule that trusts in-interface=bridge-local or
# 192.168.2.0/24 trusts them as well.
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=eoip-sklad
add bridge=bridge-local interface=eoip-agar
/interface pptp-server server
# NOTE(review): PPTP is a legacy VPN whose MS-CHAP/MPPE protection is
# considered broken, and this line additionally permits the weaker chap and
# mschap1 methods. The EoIP tunnels bridged into bridge-local depend on this
# link, so office layer-2 traffic crosses the internet with only that
# protection. Prefer L2TP/IPsec or SSTP; as a stopgap restrict authentication
# to mschap2.
set authentication=chap,mschap1,mschap2 enabled=yes
/ip address
# LAN gateway address. It is bound to ether2-master-local, which is itself a
# port of bridge-local (see /interface bridge port).
add address=192.168.2.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.2.0
/ip dhcp-client
# The WAN address on ether1-gateway is obtained by DHCP.
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server lease
# Static leases: one fixed address per MAC, labelled by comment.
# NOTE(review): taken together with the NAT section this is a full asset
# inventory (host roles, staff names, MAC addresses, which address each
# forwarded port lands on). When sharing an export publicly, strip or
# anonymise this section.
add address=192.168.2.7 comment=buh mac-address=00:50:8D:B0:B4:7B
add address=192.168.2.13 comment=gigaset595 mac-address=7C:2F:80:1E:AD:92
add address=192.168.2.101 comment=brother_logist mac-address=\
00:1B:A9:EC:3E:E6
add address=192.168.2.102 comment=brother_reception mac-address=\
00:1B:A9:ED:A0:99
add address=192.168.2.103 comment=brother_dostavka mac-address=\
00:80:92:BD:69:8F
add address=192.168.2.104 comment=brother_sklad mac-address=00:80:92:CE:90:82
add address=192.168.2.222 comment=program_server mac-address=\
D8:50:E6:DC:76:CF
add address=192.168.2.200 comment=videoserver mac-address=F0:79:59:8E:89:46
add address=192.168.2.2 comment=kassa mac-address=20:CF:30:EB:3D:A5
add address=192.168.2.150 comment=asterisk mac-address=00:1F:C6:9B:8B:63
add address=192.168.2.151 comment=cisco8800 mac-address=B8:62:1F:88:3D:FC
add address=192.168.2.250 comment=switch mac-address=E8:DE:27:FD:8F:D5
add address=192.168.2.152 comment=cisco8000 mac-address=20:AA:4B:58:03:04
add address=192.168.2.3 comment=kirill mac-address=20:16:D8:BF:B5:DA
add address=192.168.2.4 comment=ira mac-address=00:25:22:89:C9:89
add address=192.168.2.5 comment=sasha mac-address=20:16:D8:BF:A6:C7
add address=192.168.2.6 comment=popov mac-address=DC:0E:A1:2E:83:22
add address=192.168.2.8 comment=sklad mac-address=00:26:18:F3:A8:23
add address=192.168.2.9 comment=popova mac-address=F4:6D:04:0A:F6:C1
add address=192.168.2.10 comment=aksenov mac-address=B8:88:E3:B7:0F:DF
add address=192.168.2.12 comment=math mac-address=88:AE:1D:CA:09:41
add address=192.168.2.17 comment=yagovitin mac-address=00:1A:4D:37:86:A7
add address=192.168.2.14 comment=gigaset470 mac-address=00:01:E3:A2:39:15
add address=192.168.2.16 comment=mgk mac-address=7C:E9:D3:50:13:F6
add address=192.168.2.18 always-broadcast=yes comment=olya mac-address=\
20:16:D8:BF:B7:78
add address=192.168.2.105 comment=brother_buh mac-address=30:05:5C:2C:00:CD
add address=192.168.2.11 comment=4824 mac-address=00:15:99:7E:CC:9A
add address=192.168.2.20 comment=public mac-address=1C:7E:E5:C9:42:1C
# The only lease bound to a client-id and to a specific server (office).
add address=192.168.2.92 client-id=1:28:10:7b:18:23:62 comment=cam_agar \
mac-address=28:10:7B:18:23:62 server=office
/ip dhcp-server network
# Options handed to DHCP clients: gateway 192.168.2.1 and two external
# resolvers.
# NOTE(review): wins-server=8.8.8.8 points WINS at a public DNS resolver,
# which is not a WINS server; clients that honour it would send NetBIOS name
# queries to the internet. Looks unintended - confirm and remove.
add address=192.168.2.0/24 comment="default configuration" dns-server=\
8.8.8.8,78.29.2.21 gateway=192.168.2.1 netmask=24 wins-server=8.8.8.8
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. The input chain in /ip firewall filter has an accept rule
# for UDP/53 from the LAN but no final drop, so queries arriving on
# ether1-gateway are answered too. An open resolver on a public address gets
# abused for DNS amplification; drop WAN-side port 53 (UDP and TCP) in
# chain=input.
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.2.1 name=router
/ip firewall filter
# NOTE(review): in an export a rule without action= uses the default, accept.
# Every chain=input rule below is therefore an accept, except the
# invalid-state drop, and the chain has no final drop. Packets that match no
# rule are accepted, so the in-interface/src-address conditions on the DNS and
# WinBox rules restrict nothing: DNS (53), WinBox (8291) and the web UI (2709)
# are reachable from ether1-gateway as well. Ending the chain with a rule such
# as "add action=drop chain=input" would make the accept rules meaningful.
add chain=input comment="default configuration" connection-state=\
established,related
add action=drop chain=input connection-state=invalid
add chain=input comment="default configuration" protocol=icmp
add chain=input dst-port=53 in-interface=bridge-local protocol=udp \
src-address=192.168.2.0/24
add chain=input dst-port=8291 in-interface=bridge-local protocol=tcp \
src-address=192.168.2.0/24
# Router web UI (/ip service www is moved to 2709) accepted from any source
# on any interface. www is plain HTTP, so the admin login crosses the
# internet unencrypted. Restrict by src-address or manage over the VPN only.
add chain=input dst-port=2709 protocol=tcp
# PPTP control channel and GRE, accepted from any source. The remote site is
# behind a grey 3G address (per the post), so a source filter is not
# practical; that makes the strength of the VPN credentials the only barrier.
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
# NOTE(review): chain=forward has the same shape - accepts, an invalid-state
# drop, and no final drop - so anything routed through the router is allowed.
add chain=forward comment="default configuration" connection-state=\
established,related
# Intended to admit the port forwards from the WAN. Filter rules are evaluated
# after dstnat, so dst-port is compared with the translated port: the VNC
# forwards (to 5900) and the printer forward (to 9100) do not match this list
# and pass only because of the default accept. If a final drop is added,
# match on the translated ports or on connection-nat-state=dstnat instead.
add chain=forward dst-address=192.168.2.0/24 dst-port=\
80,443,21,2222,200,3306,8090,874,9102,2710,4880-4900 in-interface=\
ether1-gateway protocol=tcp
add chain=forward in-interface=bridge-local src-address=192.168.2.0/24
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/ip firewall mangle
# Clamp TCP MSS to 1448 on forwarded SYN packets that advertise more.
add action=change-mss chain=forward new-mss=1448 protocol=tcp tcp-flags=syn \
tcp-mss=!0-1448
/ip firewall nat
# Source NAT for traffic leaving via the WAN interface.
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway to-addresses=0.0.0.0
# Hairpin NAT: LAN clients that reach a forwarded service through the router
# get masqueraded so replies return via the router. It covers only sources in
# 192.168.2.0/24, not connections arriving from the WAN.
add action=masquerade chain=srcnat comment="Harpin NAT" out-interface=\
bridge-local protocol=tcp src-address=192.168.2.0/24
# Port forwards. Each dstnat rule below matches any source address, so every
# listed service is exposed to the whole internet on the router's public
# address. NOTE(review): this exposes, among others, MySQL (3306), FTP (21,
# cleartext credentials), a raw printer port (9102 to 9100), the Asterisk and
# video-server web UIs, and VNC to about sixteen desktops and servers
# (4880-4899 to 5900). Non-standard outside ports do not hide them from
# scanners. Limit these rules with src-address or src-address-list, or drop
# the forwards and reach the hosts over the VPN.
add action=netmap chain=dstnat comment=videoserver dst-address-type=local \
dst-port=200 protocol=tcp to-addresses=192.168.2.200 to-ports=80
add action=netmap chain=dstnat comment=program_server dst-address-type=local \
dst-port=80,443 protocol=tcp to-addresses=192.168.2.222 to-ports=443
add action=netmap chain=dstnat comment=ftp dst-address-type=local dst-port=21 \
protocol=tcp to-addresses=192.168.2.20 to-ports=21
add action=netmap chain=dstnat comment=kassa dst-address-type=local dst-port=\
2222 protocol=tcp to-addresses=192.168.2.2 to-ports=2222
add action=netmap chain=dstnat comment=mysql dst-address-type=local dst-port=\
3306 protocol=tcp to-addresses=192.168.2.222 to-ports=3306
add action=netmap chain=dstnat comment=brother_reception dst-address-type=\
local dst-port=9102 protocol=tcp to-addresses=192.168.2.102 to-ports=9100
add action=netmap chain=dstnat comment=asterisk dst-address-type=local \
dst-port=8090 protocol=tcp to-addresses=192.168.2.150 to-ports=80
add action=netmap chain=dstnat comment=avreg dst-address-type=local dst-port=\
874 protocol=tcp to-addresses=192.168.2.200 to-ports=874
# VNC forwards, one outside port per host, all translated to 5900.
add action=netmap chain=dstnat comment=vnc_program_server dst-address-type=\
local dst-port=4880 protocol=tcp to-addresses=192.168.2.222 to-ports=5900
add action=netmap chain=dstnat comment=vnc_videoserver dst-address-type=local \
dst-port=4881 protocol=tcp to-addresses=192.168.2.200 to-ports=5900
add action=netmap chain=dstnat comment=vnc_asterisk dst-address-type=local \
dst-port=4882 protocol=tcp to-addresses=192.168.2.150 to-ports=5900
add action=netmap chain=dstnat comment=vnc_reception dst-address-type=local \
dst-port=4889 protocol=tcp to-addresses=192.168.2.2 to-ports=5900
add action=netmap chain=dstnat comment=vnc_kirill dst-address-type=local \
dst-port=4885 protocol=tcp to-addresses=192.168.2.3 to-ports=5900
add action=netmap chain=dstnat comment=vnc_ira dst-address-type=local \
dst-port=4899 protocol=tcp to-addresses=192.168.2.4 to-ports=5900
add action=netmap chain=dstnat comment=vnc_sasha dst-address-type=local \
dst-port=4897 protocol=tcp to-addresses=192.168.2.5 to-ports=5900
add action=netmap chain=dstnat comment=vnc_popov dst-address-type=local \
dst-port=4895 protocol=tcp to-addresses=192.168.2.6 to-ports=5900
add action=netmap chain=dstnat comment=vnc_buh dst-address-type=local \
dst-port=4888 protocol=tcp to-addresses=192.168.2.7 to-ports=5900
add action=netmap chain=dstnat comment=vnc_sklad dst-address-type=local \
dst-port=4884 protocol=tcp to-addresses=192.168.2.8 to-ports=5900
add action=netmap chain=dstnat comment=vnc_anna dst-address-type=local \
dst-port=4894 protocol=tcp to-addresses=192.168.2.9 to-ports=5900
add action=netmap chain=dstnat comment=vnc_aksenov dst-address-type=local \
dst-port=4890 protocol=tcp to-addresses=192.168.2.10 to-ports=5900
add action=netmap chain=dstnat comment=vnc_math dst-address-type=local \
dst-port=4886 protocol=tcp to-addresses=192.168.2.12 to-ports=5900
add action=netmap chain=dstnat comment=vnc_yagovitin dst-address-type=local \
dst-port=4887 protocol=tcp to-addresses=192.168.2.17 to-ports=5900
add action=netmap chain=dstnat comment=vnc_mgk dst-address-type=local \
dst-port=4883 protocol=tcp to-addresses=192.168.2.16 to-ports=5900
add action=netmap chain=dstnat comment=vnc_olya dst-address-type=local \
dst-port=4891 protocol=tcp to-addresses=192.168.2.18 to-ports=5900
# Forward to the web UI of 192.168.2.81 (the remote "sklad" router, judging by
# the comment). Unlike the rules above it has no dst-address-type=local, so it
# rewrites every TCP/2710 connection passing through the router, including
# LAN hosts' outbound connections to port 2710 elsewhere.
# NOTE(review): connections from the WAN keep their public source address, so
# 192.168.2.81 presumably replies through its own 3G uplink instead of back
# through the tunnel, which would explain why this forward fails while hosts
# that use 192.168.2.1 as gateway work - confirm. Rather than publishing a
# router's HTTP admin page on the internet, reach it through the VPN.
add action=netmap chain=dstnat comment=router_sklad dst-port=2710 protocol=\
tcp to-addresses=192.168.2.81 to-ports=80
/ip firewall service-port
# NAT helpers for TFTP, IRC, H.323 and SIP are turned off.
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
/ip route
# Static route to 192.168.3.0/24 via 192.168.3.1 with preferred source
# 192.168.3.2. No interface in this export carries a 192.168.3.x address
# (it may come from the DHCP client on ether1-gateway - confirm).
add distance=1 dst-address=192.168.3.0/24 gateway=192.168.3.1 pref-src=\
192.168.3.2
/ip service
# Management services: telnet, ssh, api and api-ssl are disabled; www stays
# enabled on port 2709. WinBox is not listed, so it is presumably at its
# default (enabled).
# NOTE(review): no address= restriction is set on any service and the input
# chain has no final drop, so the HTTP web UI (and presumably WinBox) answer on
# the public address. The export header reports RouterOS 6.34.4, an old
# release; internet-facing management on an outdated version is the highest
# risk in this config. Restrict services with address=, prefer www-ssl or
# WinBox over the VPN, and upgrade.
set telnet disabled=yes
set www port=2709
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
# PPTP accounts for the two remote sites; local/remote addresses are the EoIP
# tunnel endpoints.
# NOTE(review): both accounts share one password, and it appears in clear text
# in this publicly posted export. Treat it as compromised: set a new, unique
# password per site, and use "/export hide-sensitive" before sharing a config.
# PPTP accepts connections from any source here, so these credentials are the
# only thing protecting layer-2 access to the office LAN.
add local-address=1.1.1.1 name=sklad password=manato172719 profile=\
default-encryption remote-address=1.1.1.2 service=pptp
add local-address=1.1.1.1 name=agar password=manato172719 profile=\
default-encryption remote-address=1.1.1.3 service=pptp
/system clock
set time-zone-name=Asia/Yekaterinburg
/system leds
set 0 interface=wlan1
/system scheduler
# Runs the "afraid" dynamic-DNS script every 10 minutes, starting at boot.
# NOTE(review): the job is granted nearly every policy (reboot, password,
# sniff, sensitive, policy ...). A DNS updater does not need those; trim the
# list to the policies the script actually uses, so that a tampered script
# cannot do more than update DNS.
add interval=10m name=dyndns on-event="/system script run afraid" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
/system script
# FreeDNS (afraid.org) updater. The script keeps a cached copy of the API
# answer in freedns.txt, extracts the IP currently registered for dns-domain,
# compares it with the address on out-interface (ether1-gateway) and, when
# they differ, fetches direct-url to update the record and then refreshes
# freedns.txt.
# NOTE(review): both direct-url and api-url use http://, so the update key and
# the API sha value travel in clear text on every run. The script's own
# comments state that RouterOS 6.x supports https for /tool fetch; switch both
# URLs to https.
# NOTE(review): the commented-out sample near the end of the script contains a
# complete direct-URL key that is not masked in this post. It may be the
# template author's sample; if it belongs to a live account it should be
# regenerated.
# NOTE(review): the script is stored with the same broad policy set as the
# scheduler entry; reduce it to what the script needs.
add name=afraid owner=maxtor policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#######\
####### Script FreeDNS.afraid.org ##################\
\n############## PARSER EDITION ##################\
\n############## CREATED LESHIY_ODESSA ##################\
\n \
\n# Specify the \"Direct URL\", which is https://freedns.afraid.org/dynami\
c/\
\n# If RouterOS version 5.xx, then remove from the URL encryption - \"http\
s\" change this to \"http\". Also see below.\
\n# In front of the sign \"\?\" put a backslash \"\\\".\
\n:global \"direct-url\" \"http://freedns.afraid.org/dynamic/update.php\\\
\?**************\"\
\n\
\n# Specify the URL API \"ASCII\"\
\n# Log in under your account and open the page https://freedns.afraid.org\
/api/\
\n# Then copy the URL of your site - Available API Interfaces : ASCII (!!!\
\_NOT XML !!!)\
\n# ATTENTION!!!! Before the question mark, put a backslash \"\\\".\
\n# If RouterOS version 5.xx, then remove from the URL encryption - \"http\
s\" change this to \"http\".\
\n:global \"api-url\" \"http://freedns.afraid.org/api/\\\?action=getdyndns\
&sha=************************\"\
\n \
\n# Specify your domain or subdomain.\
\n:global \"dns-domain\" \"***********\"\
\n\
\n# Define variables for the external (WAN) interface\
\n# Case sensitive.\
\n:global \"out-interface\" \"ether1-gateway\"\
\n \
\n# !!!!!!!!!!!!!!!!! Nothing more do not need to edit!!!!!!!!!!!!!!!!!\
\n \
\n# Check whether the file with the IP domain - freedns.txt\
\n:if ([:len [/file find name=freedns.txt]] > 0) do={\
\n} else={\
\n/tool fetch url=\$\"api-url\" dst-path=\"/freedns.txt\"\
\n}\
\n# Find out the IP address of the domain using the API and parsing.\
\n# Split the file\
\n:local \"result\" [/file get freedns.txt contents]\
\n:local \"startloc\" ([:find \$\"result\" \$\"dns-domain\"] + ([:len \$\"\
dns-domain\"] + 1))\
\n:local \"endloc\" ([:find \$\"result\" \$\"direct-url\" -1] -1)\
\n:global \"dns-domain-ip\" [:pick \$\"result\" \$\"startloc\" \$\"endloc\
\"]\
\n \
\n# Find the current IP address on the external interface\
\n:global \"current-ip\" [/ip address get [find interface=\$\"out-interfac\
e\"] address]\
\n \
\n# Obtained from IP addresses to be excluded subnet mask\
\n:set \"current-ip\" [:pick \$\"current-ip\" 0 ([:len \$\"current-ip\"]-3\
) ]\
\n \
\n# Compare the external IP with the IP address of the DNS domain.\
\n:if (\$\"current-ip\" != \$\"dns-domain-ip\") do={\
\n\
\n# If different, then sent to freedns.afraid.org our external IP by using\
\_Direct URL\
\n:log info (\"Service Dynamic DNS: old IP address \$\"dns-domain-ip\" for\
\_\$\"dns-domain\" CHANGED to -> \$\"current-ip\"\")\
\n/tool fetch url=\$\"direct-url\" keep-result=no\
\n# Download the file with the new IP after 5 sec.\
\n:delay 5\
\n/tool fetch url=\$\"api-url\" dst-path=\"/freedns.txt\"\
\n} else={\
\n# Not to clog the log, you need to comment out this line.\
\n:log info (\"IP address is NOT CHANGED, the update is not required\")\
\n}\
\n \
\n# Since version RouterOS version 6.0rc12 supported encryption /tool fetc\
h mode=https\
\n# In :global \"direct-url\" need to change to httpS://\
\n# For RouterOS version 6.xx\
\n# /tool fetch mode=https url=\$\"direct url\"\
\n# :global \"direct-url\" \"https://freedns.afraid.org/dynamic/update.php\
\\\?UVdjU2lzQmQwSkdjZW9aWkNleTdJdXFtOjg2NTI0NzE=\"\
\n\
\n# http://wiki.mikrotik.com/wiki/Manual:Scripting\
\n# http://wiki.mikrotik.com/wiki/Manual:Scripting-examples\
\n# http://wiki.mikrotik.com/wiki/Manual:Tools/Fetch\
\n# http://forum.ixbt.com/topic.cgi\?id=14:60498-86#2373\
\n\
\n##############Script FreeDNS.afraid.org##################"
/tool mac-server
# MAC-Telnet: the default entry is disabled and the service is enabled per
# interface on the LAN ports, wlan1 and bridge-local; ether1-gateway is not
# listed.
# NOTE(review): bridge-local includes both EoIP tunnels and the Wi-Fi, so this
# layer-2 management access is offered to wireless clients and to hosts at the
# remote sites as well. Consider limiting it to a dedicated management port.
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
# MAC-WinBox: same interface list as MAC-Telnet above, with the same exposure
# to wlan1 and the bridged tunnels.
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local