[研究所] MikroTik RouterOS 學習 (持續更新) (第203頁)

tedg77
個人積分：5分
文章編號：50276857

5分

2021樓

2014-05-23 1:37

我有一台RB750GL和一台RB751G-2HnD(有無線網路)
電腦接在RB750GL下，可以顯示95樂府的網頁
電腦接在RB751G-2HnD下，無法顯示95樂府的網頁
NB和兩隻手機用wifi連接RB751G-2HnD，NB無法顯示網頁，手機可以顯示網頁
RB751G-2HnD的wlan&lan是bridge在一起的
兩台機器都是Reset過後重新設定的，設定都是一樣的，系統都是6.13
想請教一下有沒有解決的方法，謝謝。

filter設定如下

action=drop chain=input comment=\

"\A5\E1\B1\F3\ABD\A5\BB\BE\F7\AA\BA\AB\CA\A5]" dst-address-type=!local

action=drop chain=input comment="\\A5\\E1\\B1\\F3\\A6h\\BC\\BD\\AA\\BA\\AB\\CA\\A5]"

src-address-type=!unicast

action=drop chain=input comment="DoS\\A9\\DA\\B5\\B4\\AAA\\B0\\C8\\A7\\F0\\C0\\BB" \

connection-limit=10,32 protocol=tcp

action=drop chain=input comment="\\A5\\E1\\B1\\F3\\B5L\\AE\\C4\\AA\\BA\\AB\\CA\\A5]"

connection-state=invalid

action=drop chain=forward connection-state=invalid

action=drop chain=input comment="\\A8\\BE\\A4\\EE\\B3Q\\B1\\BD\\BA\\CB Port" \

protocol=tcp src-address-list="port scanners"

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp psd=21,3s,3,1

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp tcp-flags=\

fin,!syn,!rst,!psh,!ack,!urg

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp tcp-flags=syn,rst

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp tcp-flags=\

fin,psh,urg,!syn,!rst,!ack

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp tcp-flags=\

fin,syn,rst,psh,ack,urg

action=add-src-to-address-list address-list="port scanners" \

address-list-timeout=2w chain=input protocol=tcp tcp-flags=\

!fin,!syn,!rst,!psh,!ack,!urg

action=drop chain=input comment=\

"MikroTik RouterOS \A8\BE\A4\EE FTP SSH Telnet Winbox \B3Q\B2q\B1K\BDX" \

dst-port=21,22,23,8291 protocol=tcp src-address-list=login_blacklist

action=add-src-to-address-list address-list=login_blacklist \

address-list-timeout=1d chain=input connection-state=new dst-port=\

21,22,23,8291 protocol=tcp src-address-list=login_stage5

action=add-src-to-address-list address-list=login_stage5 \

address-list-timeout=1m chain=input connection-state=new dst-port=\

21,22,23,8291 protocol=tcp src-address-list=login_stage4

action=add-src-to-address-list address-list=login_stage4 \

address-list-timeout=1m chain=input connection-state=new dst-port=\

21,22,23,8291 protocol=tcp src-address-list=login_stage3

action=add-src-to-address-list address-list=login_stage3 \

address-list-timeout=1m chain=input connection-state=new dst-port=\

21,22,23,8291 protocol=tcp src-address-list=login_stage2

action=add-src-to-address-list address-list=login_stage2 \

address-list-timeout=1m chain=input connection-state=new dst-port=\

21,22,23,8291 protocol=tcp src-address-list=login_stage1

action=add-src-to-address-list address-list=login_stage1 \

address-list-timeout=1m chain=input connection-state=new dst-port=\

21,22,23,8291 protocol=tcp

chain=input comment="\\A4\\B9\\B3\\\\\\B0\\CF\\BA\\F4\\B3s\\BDu" src-address-list=\

Lan

chain=forward src-address-list=Lan

chain=forward comment="\\A4\\B9\\B3\\\\ICMP\\A6^\\C0\\B3" protocol=icmp

流星墜落要3秒，月亮升起要1天，地球公轉要1年，但我不知道，等待心愛人回來，究竟要多久？

gfx

gfx
個人積分：1603分
文章編號：50277122

1603分

2022樓

2014-05-23 2:21

tedg77 wrote:
我有一台RB750G...(恕刪)

感覺是rb751g-2hnd interface的問題。
不過先問您filter您是設在哪台上？正確是只能在rb-750gl建立才正確。

雖然我覺得問題不在filter，但我建議您先將所有filter rules先全部off掉。
Interface還沒解決，又有filter作梗，這不是解決問題的方法。

若真非interface問題，在off filter的情況下所有的問題都沒了，
您再一個個filter rule慢慢on，等遇到會影響路由的rule時，再刪除這筆rule不就好？