« Last post by googler2 on Today at 18:45:42 »
Hi guys,
sorry for reviving this topic again, but it's probably not appropriate to keep starting new topics; if it is, the moderators can let me know and I'll start a new one. I still have a problem with the printer and I think the problem is in the firewall, but I don't know where, so I'm printing the whole filter here.
The situation basically involves four VLANs:
- base is the management VLAN, which has access to the whole LAN, i.e. to all VLANs
- fix is the VLAN for ordinary home devices (PCs, laptops, mobile phones). Temporary access to the whole LAN
- host is the VLAN for visitors
- veci is the IoT VLAN, which also contains the printer
The printer is reachable from the fix and host VLANs, but the strange thing is that no packets flow through rule 14, which should provide access from the host VLAN, and the printer is reachable even after that rule is disabled. The printer is not reachable at all from the base VLAN, which should have access to the whole LAN (rule 9), so on that basis the printer should be reachable too:
Flags: X - disabled, I - invalid; D - dynamic
0 chain=input action=accept connection-state=established,related
1 chain=input action=accept in-interface=fix_vlan log=no log-prefix=""
2 chain=input action=accept protocol=udp src-address-list=LAN_ip in-interface-list=LAN dst-port=5353 log=no log-prefix=""
3 chain=input action=drop connection-state=invalid
4 chain=input action=jump jump-target=WAN>INPUT in-interface-list=WAN log=no log-prefix=""
5 chain=input action=drop log=yes
6 chain=forward action=accept connection-state=established,related log=no log-prefix=""
7 chain=forward action=accept protocol=udp src-address-list=LAN_ip dst-address-list=dns in-interface-list=LAN dst-port=53 log=no log-prefix=""
8 chain=forward action=accept in-interface-list=LAN out-interface-list=WAN log=no log-prefix=""
9 chain=forward action=accept in-interface=base_vlan out-interface-list=LAN log=no log-prefix=""
10 chain=forward action=accept in-interface=fix_vlan out-interface-list=LAN log=no log-prefix=""
11 chain=forward action=accept src-address-list=Bernardo out-interface-list=LAN log=no log-prefix=""
12 chain=forward action=accept protocol=tcp src-address-list=Budky_ip in-interface=media_vlan out-interface=fix_vlan dst-port=8008-8010 log=no log-prefix=""
13 chain=forward action=accept dst-address-list=NAS in-interface=media_vlan log=no log-prefix=""
14 ;;; Tlac_Host
chain=forward action=accept dst-address-list=tlaciaren in-interface=host_vlan log=no log-prefix=""
15 ;;; DSTNAT
chain=forward action=accept connection-nat-state=dstnat log=no log-prefix=""
16 chain=forward action=drop connection-state=invalid
17 chain=forward action=drop src-address-list=!base_ip in-interface=base_vlan log=no log-prefix=""
18 chain=forward action=drop src-address-list=!fix_ip in-interface=fix_vlan log=no log-prefix=""
19 chain=forward action=drop src-address-list=!media_ip in-interface=media_vlan log=no log-prefix=""
20 chain=forward action=drop src-address-list=!veci_ip in-interface=veci_vlan log=no log-prefix=""
21 chain=forward action=drop src-address-list=!nowan_ip in-interface=nowan_vlan log=no log-prefix=""
22 chain=forward action=drop src-address-list=!host_ip in-interface=host_vlan log=no log-prefix=""
23 chain=forward action=drop in-interface=host_vlan out-interface=fix_vlan log=no log-prefix=""
24 chain=forward action=drop in-interface=veci_vlan out-interface=fix_vlan log=no log-prefix=""
25 chain=forward action=drop in-interface=veci_vlan out-interface=host_vlan log=no log-prefix=""
26 chain=forward action=drop in-interface=veci_vlan out-interface=media_vlan log=no log-prefix=""
27 chain=forward action=drop in-interface=host_vlan out-interface=base_vlan log=no log-prefix=""
28 chain=forward action=drop dst-address-list=bogon log=yes log-prefix="bogon"
29 chain=forward action=drop log=no log-prefix=""
30 chain=WAN>INPUT action=drop log=no log-prefix=""
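
An added example, not part of the original post: a first-match walk over the posted forward chain that returns which rule decides a given packet, optionally with some rules disabled. The interface-list membership in `IFLISTS`, the interface name `wan`, and the packet dictionary layout are assumptions, because the post shows the rules but not the lists they refer to.

```python
# Rules 6-29 of the forward chain as posted, with the log fields dropped.
RULES = """\
6 accept connection-state=established,related
7 accept protocol=udp src-address-list=LAN_ip dst-address-list=dns in-interface-list=LAN dst-port=53
8 accept in-interface-list=LAN out-interface-list=WAN
9 accept in-interface=base_vlan out-interface-list=LAN
10 accept in-interface=fix_vlan out-interface-list=LAN
11 accept src-address-list=Bernardo out-interface-list=LAN
12 accept protocol=tcp src-address-list=Budky_ip in-interface=media_vlan out-interface=fix_vlan dst-port=8008-8010
13 accept dst-address-list=NAS in-interface=media_vlan
14 accept dst-address-list=tlaciaren in-interface=host_vlan
15 accept connection-nat-state=dstnat
16 drop connection-state=invalid
17 drop src-address-list=!base_ip in-interface=base_vlan
18 drop src-address-list=!fix_ip in-interface=fix_vlan
19 drop src-address-list=!media_ip in-interface=media_vlan
20 drop src-address-list=!veci_ip in-interface=veci_vlan
21 drop src-address-list=!nowan_ip in-interface=nowan_vlan
22 drop src-address-list=!host_ip in-interface=host_vlan
23 drop in-interface=host_vlan out-interface=fix_vlan
24 drop in-interface=veci_vlan out-interface=fix_vlan
25 drop in-interface=veci_vlan out-interface=host_vlan
26 drop in-interface=veci_vlan out-interface=media_vlan
27 drop in-interface=host_vlan out-interface=base_vlan
28 drop dst-address-list=bogon
29 drop
"""
# ASSUMED list membership (the post does not show it); "wan" is a made-up name.
IFLISTS = {"LAN": {"base_vlan", "fix_vlan", "host_vlan", "veci_vlan", "media_vlan", "nowan_vlan"}, "WAN": {"wan"}}

def matches(conds, pkt):
    for key, val in conds.items():
        neg, val = val.startswith("!"), val.lstrip("!")
        if key.endswith("-interface-list"):
            hit = pkt[key[:-5]] in IFLISTS[val]   # "in-interface-list" -> "in-interface"
        elif key.endswith("-address-list"):
            hit = val in pkt[key]                 # pkt holds the lists each address is in
        elif key == "dst-port":
            lo, _, hi = val.partition("-")
            hit = int(lo) <= pkt.get("dst-port", -1) <= int(hi or lo)
        else:                                     # state, protocol, single interface
            hit = pkt.get(key) in val.split(",")
        if hit == neg:
            return False
    return True

def first_match(pkt, disabled=()):
    for line in RULES.splitlines():
        num, action, *conds = line.split()
        if int(num) not in disabled and matches(dict(c.split("=", 1) for c in conds), pkt):
            return int(num), action
```

Rule 9 only decides a packet from base_vlan when the outgoing interface is a member of the LAN list, and a packet whose connection-state is established is decided by rule 6 before rule 14 is ever reached.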