Posts - googler1

Hi,
I have a Linux web server with Apache installed and the UFW firewall on it - ports 80 and 443 are allowed (I also tried turning the firewall off, but that did not help).

On the MikroTik I use a PPP client (renamed to WAN) to connect over Telekom DSL, and the modem is in bridge mode.
Also, in the MikroTik quick setup wizard I ticked NAT so that the local network cannot be "seen" from outside.
Apart from port Eth1, all ports are bridged, and the bridge is named LAN.
Port Eth2 has a switch plugged into it, with all the end devices and the AP connected to that switch.
The DHCP server is turned on.
The firewall rules on the MikroTik look like this (I also tried disabling them, which did not help):

Code:
ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; Accept established and related packets
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 1    ;;; Accept all connections from local network
      chain=input action=accept in-interface=LAN log=no log-prefix=""

 2    ;;; Accept established and related packets
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; Drop invalid packets
      chain=input action=drop connection-state=invalid log=yes log-prefix=""

 4    ;;; Drop all packets which are not destined to routes IP address
      chain=input action=drop dst-address-type=!local log=yes log-prefix=""

 5    ;;; Drop all packets which does not have unicast source IP address
      chain=input action=drop src-address-type=!unicast log=yes log-prefix=""

 6    ;;; Drop all packets from public internet which should not exist in public network
      chain=input action=drop src-address-list=NotPublic in-interface=WAN log=yes log-prefix=""

 7    ;;; Drop invalid packets
      chain=forward action=drop connection-state=invalid log=yes log-prefix=""

 8    ;;; Drop new connections from internet which are not dst-natted
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=WAN log=yes log-prefix=""

 9    ;;; Drop all packets from public internet which should not exist in public network
      chain=forward action=drop src-address-list=NotPublic in-interface=WAN log=yes log-prefix=""

10    ;;; Drop all packets from local network to internet which should not exist in public network
      chain=forward action=drop dst-address-list=NotPublic in-interface=LAN log=yes log-prefix=""

11    ;;; Drop all packets in local network which does not have local network address
      chain=forward action=drop src-address=!router.lan.ip.0/24 in-interface=LAN log=yes log-prefix=""

12    ;;; Drop new connections from internet which are not dst-natted
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=WAN log=yes log-prefix=""

NAT (port forwarding) looks like this:

Code:
/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=srcnat action=masquerade src-address=router.lan.ip.0/24 out-interface=WAN log=no log-prefix=""

 1    chain=dstnat action=dst-nat to-addresses=apache.webserver.lan.ip to-ports=80 protocol=tcp dst-address=router.lan.ip in-interface=WAN dst-port=80 log=no log-prefix=""

 2    chain=dstnat action=dst-nat to-addresses=apache.webserver.lan.ip to-ports=443 protocol=tcp dst-address=router.lan.ip in-interface=WAN dst-port=443 log=no log-prefix=""

I also tried the alternative of setting dst-address directly to the router's public IP, but that did not help either.

The result is that Apache is reachable within the LAN, but I don't know why it isn't also listening on the public IP? I think the cause will be in the MikroTik and not in the web server, although I don't know exactly where in the MikroTik.
