This is my setup:
/interface bridge
add fast-forward=no name=bridge-control
/interface ethernet
set [ find default-name=ether4 ] comment=trunk-vlans-in name=ether04
set [ find default-name=ether12 ] comment="server 10.20.30.151"
/interface vlan
add interface=ether04 name=vlan-hr101 vlan-id=101
add interface=ether04 name=vlan-hr102 vlan-id=102
add interface=ether04 name=vlan-hr103 vlan-id=103
add interface=ether04 name=vlan-hr104 vlan-id=104
add interface=ether04 name=vlan-hr105 vlan-id=105
/ip pool
add name=dhcp_pool1 ranges=10.20.30.100-10.20.30.140
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-control name=dhcp1
/interface bridge port
add bridge=bridge-control horizon=1 interface=ether05
add bridge=bridge-control horizon=1 interface=ether06
add bridge=bridge-control interface=ether07
add bridge=bridge-control interface=ether08
add bridge=bridge-control interface=ether09
add bridge=bridge-control interface=ether10
add bridge=bridge-control interface=ether11
add bridge=bridge-control interface=ether12
/ip address
add address=10.102.100.2/24 comment=hahx interface=ether04 network=10.102.100.0
add address=10.46.233.254/24 comment=hr101 interface=vlan-hr101 network=10.46.233.0
add address=10.101.253.254/24 comment=hr102 interface=vlan-hr102 network=10.101.253.0
add address=10.96.129.254/24 comment=hr103 interface=vlan-hr103 network=10.96.129.0
add address=10.207.91.254/24 comment=hr104 interface=vlan-hr104 network=10.207.91.0
add address=10.214.77.254/24 comment=hr105 interface=vlan-hr105 network=10.214.77.0
add address=10.20.30.254/24 comment=lan-control interface=bridge-control network=10.20.30.0
/ip dhcp-server lease
add address=10.20.30.151 client-id=*************** comment=server mac-address=10.20.30.151 server=dhcp1
/ip dhcp-server network
add address=10.20.30.0/24 dns-server=10.20.30.254 gateway=10.20.30.254
/ip dns
set allow-remote-requests=yes servers=109.224.14.2,109.224.14.3
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.20.30.0/24
/ip route
add distance=1 gateway=10.102.100.1
We have disabled the server firewall in order to focus on the router side only. When we want to monitor a device, the response from the server says: "device cannot reach server via http://10.20.30.151:9081/AC2/report, please check your firewall setting".
As in this photo:
https://drive.google.com/open?id=1EarZK ... T7OS-KVsXp
As I understand from some online searching, the following ports should be allowed:
1- Port 22 TCP, for SSH access.
2- Port 10001 UDP, for discovery. (I think this one is working okay, since I can discover all devices across all VLANs.)
3- The radio also needs to reach the AC2 server on port 9081 TCP for sending heartbeats.
So I have tried some port forwarding and came up with this firewall NAT setting, and I am testing it on the vlan101 network only for now (10.46.233.0/24):
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.20.30.0/24
add action=dst-nat chain=dstnat dst-address=10.46.233.0/24 dst-port=22 protocol=tcp to-addresses=10.20.30.0/24 to-ports=22
add action=dst-nat chain=dstnat dst-address=10.46.233.0/24 dst-port=10001 protocol=udp to-addresses=10.20.30.0/24 to-ports=10001
add action=dst-nat chain=dstnat dst-address=10.46.233.0/24 dst-port=9081 protocol=tcp to-addresses=10.20.30.0/24 to-ports=9081
https://drive.google.com/open?id=1gj4nM ... wKvmrLtW_q
Can you guys help me solve this please?
Thanks in advance...
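The following is an added example, not part of the original post or of any reply to it. It shows how the three flows listed in the post could be allowed between the radio VLANs and the AC2 server with plain firewall filter rules instead of dst-nat. In the posted export both 10.46.233.0/24 and 10.20.30.0/24 are directly connected to the router, so packets between them are routed as they are and no destination translation is needed; note also that a dst-nat rule matches on a packet's destination, so dst-address=10.46.233.0/24 acts on traffic going to the radios, not on traffic the radios send. The example assumes that the radios use their VLAN gateway (for example 10.46.233.254 on vlan-hr101) as default gateway, that SSH goes from the server to the radios while the port 9081 heartbeat goes from the radios to the server, and that discovery on UDP 10001 is wanted in both directions; the address-list names ac2-server and radio-vlans and the log prefix radio-drop are made up for the example. The rest of the posted config (addresses, masquerade, default route) is left as it is, and the second snippet's dst-nat rules are not used.

```routeros
# Added example (not the poster's config). Allows only the AC2-related flows
# between the radio VLANs and the server 10.20.30.151 named in the post; the
# list names, directions and log prefix are assumptions made for this example.
/ip firewall address-list
add list=ac2-server address=10.20.30.151 comment="AC2 server from the post"
add list=radio-vlans address=10.46.233.0/24 comment=hr101
add list=radio-vlans address=10.101.253.0/24 comment=hr102
add list=radio-vlans address=10.96.129.0/24 comment=hr103
add list=radio-vlans address=10.207.91.0/24 comment=hr104
add list=radio-vlans address=10.214.77.0/24 comment=hr105

/ip firewall filter
# Replies to already-accepted sessions first, then drop malformed state
add chain=forward action=accept connection-state=established,related comment="replies to allowed flows"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# Radio -> server: the report URL quoted in the error message (tcp/9081)
add chain=forward action=accept src-address-list=radio-vlans dst-address-list=ac2-server protocol=tcp dst-port=9081 comment="radio -> AC2 heartbeats (tcp/9081)"
# Server -> radio: management SSH (direction assumed for this example)
add chain=forward action=accept src-address-list=ac2-server dst-address-list=radio-vlans protocol=tcp dst-port=22 comment="AC2 -> radio SSH (tcp/22)"
# Discovery, allowed both ways (assumption)
add chain=forward action=accept src-address-list=radio-vlans dst-address-list=ac2-server protocol=udp dst-port=10001 comment="radio -> AC2 discovery (udp/10001)"
add chain=forward action=accept src-address-list=ac2-server dst-address-list=radio-vlans protocol=udp dst-port=10001 comment="AC2 -> radio discovery (udp/10001)"
# Nothing else from the radio VLANs into the control LAN; logged so misses are visible
add chain=forward action=drop src-address-list=radio-vlans dst-address=10.20.30.0/24 log=yes log-prefix=radio-drop comment="block other radio -> control LAN traffic"
```

Keep the drop rule last, since rules are evaluated in order. When a radio still reports that it cannot reach the server, /ip firewall filter print stats shows which rule its packets hit, and entries tagged radio-drop in /log print show any port the radios use that the list above does not cover.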