patchang wrote:
各位大大不知是否有人...(恕刪)
請用本站右邊搜尋功能搜尋本討論串關鍵字"proxy-arp"
我有兩個routeros, 各自區網都可以上網,兩個區網也用pptp連接起來
都可以互相訪問到對方區網內的電腦
現在區網A 中有三台電腦要透過區網B的WAN連出去
所以我設定以下的routeing (mangle已經標記好了)
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway="ovpn from LANB" routing-mark="LANB"
這樣這三台電腦都變成無法上網
但是若是改為
/ip route
add distance=1 dst-address=106.0.0.0/8 gateway="ovpn from LANB" routing-mark="LANB"
[ps. www.whatismyip.com.tw的ip是106.187.42.221,如果要訪問這個網站就從LANB出去]
這樣查到的IP 是LANB IP
會甚麼會有這個情形?
應該也可以針對這三台電腦設定Default gateway呀!
是不是少設定了甚麼東西?
請各位高手幫忙指導一下!!
What's new in 6.16 (2014-Jul-16 08:55):
*) ovpn - fixed ethernet mode;
*) certificates - use SHA256 for fingerprinting;
*) ipsec - fix AH proposal and problem when sometimes policy was not generated;
*) snmp - support AES encryption (rfc3826);
*) l2tp server: added option to enable IPsec automatically;
*) poe-out: added power-cycle-ping and power-cycle-interval settings;
*) gps - increased retry duration to 30 seconds;
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
*) sntp - disabling/enabling client was causing dynamic-servers to be ignored
(bug introduced in 6.14);
*) tilera - improved handling of bad blocks in nand;
*) ipsec - allow multiple encryption algorithms per peer;
*) email - support tls only connections;
*) smb - fixed usb share issues after reboot
*) snmp - fix v3 protocol time window checks;
*) updated timezone information;
*) quickset - added VPN settings for HomeAP mode;
irsjx2vxo3ne3k84dr1dz4,r4pe8bez3/4ne3bq4bew2j92gea jx4hq me-2d8 e3hy4hi2ty k84!
"OVPN"是因為gateway的名字忘了改(以前用OVPN, 現在改為PPTP)
原本我跟您的想法一樣
先Mangle Src-Address(ROS-A的3台電腦) ,再到/IP Routes新增:
dst-address=0.0.0.0/0 gateway=172.19.0.2 routing-mark="to ROS-B WAN"
只是我這樣子設定,會造成這三台電腦都無法上網
但是若將dst-address改為(106.0.0.0/8)就可以上網(只有106開頭的dst address會轉到WAN B)
所以做了一個測試,由這三台電腦去開www.whatismyip.com.tw(IP是106.187.42.221,所以會透過wan B出去),web上看到的ip address確實是wanB的
我的問題在於
為何相同的設定
指定0.0.0.0/0的時候,反而會造成不能上網
而指定106.0.0.0/0的時候,卻可以將www.whatismyip.com.tw正確的導向從wanB出去
是不是這種設定,要排除掉某些特定的ip,不可以直接設定0.0.0.0/0??
chain=input action=mark-connection new-connection-mark=Hinet-Fixed IP passthrough=yes connection-state=new in-interface=Hinet-Fixed IP
chain=output action=mark-routing new-routing-mark=To Hinet-Fixed IP passthrough=yes connection-mark=Hinet-Fixed IP
chain=input action=mark-connection new-connection-mark=Hinet-Dyn IP passthrough=yes connection-state=new in-interface=Hinet-Dyn IP
chain=output action=mark-routing new-routing-mark=To Hinet-Dyn IP passthrough=yes connection-mark=Hinet-Dyn IP
;;; 2WAN Settings
chain=prerouting action=mark-connection new-connection-mark=Hinet-Fixed IP passthrough=yes connection-state=new in-interface=Hinet-Fixed IP
chain=prerouting action=mark-connection new-connection-mark=Hinet-Dyn IP passthrough=yes connection-state=new in-interface=Hinet-Dyn IP
chain=prerouting action=mark-routing new-routing-mark=To Hinet-Fixed IP passthrough=yes in-interface=bridge-LAN connection-mark=Hinet-Fixed IP
chain=prerouting action=mark-routing new-routing-mark=To Hinet-Dyn IP passthrough=yes in-interface=bridge-LAN connection-mark=Hinet-Dyn IP
;;; Mark WANB Routing Tag
chain=prerouting action=mark-connection new-connection-mark=WANB passthrough=yes connection-state=new src-address=192.168.1.207
chain=prerouting action=mark-routing new-routing-mark=WANB passthrough=no connection-mark=WANB
我先將192.168.1.207這台電腦標記routing mark=WANB
然後
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway="PPTPWANB" routing-mark="WANB"
PPTP的masquerade也設定了
chain=srcnat action=masquerade out-interface=PPTPWANB
內文搜尋
從 APP 打開
X