una domanda come da titolo ho due wan e una lan interna dove ho i miei pc con indirizzo 192.168.1.0/24 e sempre nella stessa la ho delle stampanti fiscali con indirizzi 192.168.5.0/24 che ora dovranno uscire su internet per poter trasmettere i dati all'allagenzia delle entrate.
sulle due wan ho una vdsl e un gestore wireless gia configurati per uscire prima con la vdsl poi se cade la prima va con la seconda una su 192.168.3.0/24 e l'altra su 192.168.2.0/24
sulle stampanti basta aggiungere il gw di uscita 192.168.3.1?
- Codice: Seleziona tutto
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.115-192.168.1.150
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge hw=no interface=ether3
add bridge=bridge hw=no interface=ether4
add bridge=bridge hw=no interface=ether5
add bridge=bridge interface=sfp1
/interface l2tp-server server
set enabled=yes ipsec-secret=vpn use-ipsec=yes
/interface list member
add comment=t**** interface=ether1 list=WAN
add comment="lan interna" interface=bridge list=LAN
add comment=e*** interface=ether2 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.2.2/24 interface=ether2 network=192.168.2.0
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=192.168.3.2/24 interface=ether1 network=192.168.3.0
/ip cloud
set ddns-update-interval=12h
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=bridge
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=no-mark passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=no-mark passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=dst-nat chain=dstnat comment="*****" dst-port=90 log=yes protocol=tcp to-addresses=192.168.1.206 to-ports=80
add action=dst-nat chain=dstnat comment="*****" dst-port=8000 protocol=tcp to-addresses=192.168.1.206 to-ports=8000
add action=dst-nat chain=dstnat comment=sigest dst-port=8008 protocol=tcp src-port="" to-addresses=192.168.1.38 to-ports=8008
add action=dst-nat chain=dstnat comment="****" dst-port=4433 protocol=tcp to-addresses=192.168.1.38 to-ports=4433
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
add action=dst-nat chain=dstnat comment="*****" dst-port=554 protocol=tcp to-addresses=192.168.1.206 to-ports=554
add action=dst-nat chain=dstnat comment="*******" dst-port=50080 protocol=tcp to-addresses=192.168.1.170 to-ports=50080
add action=dst-nat chain=dstnat comment="******" dst-port=50084 protocol=tcp to-addresses=192.168.1.171 to-ports=50084
add action=dst-nat chain=dstnat comment="******" dst-port=50081 protocol=tcp to-addresses=192.168.1.200 to-ports=50081
add action=dst-nat chain=dstnat comment="******" dst-port=8004 protocol=tcp to-addresses=192.168.1.230 to-ports=8000
add action=dst-nat chain=dstnat comment="*****" dst-port=92 protocol=tcp to-addresses=192.168.1.230 to-ports=80
add action=dst-nat chain=dstnat comment="****" dst-port=60001-60007 protocol=tcp to-addresses=192.168.2.252 to-ports=60001-60007
add action=dst-nat chain=dstnat comment="****" dst-port=60008 protocol=tcp to-addresses=192.168.2.252 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=60020 protocol=tcp to-addresses=192.168.1.81 to-ports=60020
/ip route
add distance=2 gateway=192.168.2.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=remote