Hi.
I have one router in one companyt and other in another one. I created a IP tunnel.
Inside the routers (using Winbox) I am able to go to Tools > Ping and ping each other or any IP of each network. But when I go to any machine in each pont, I am NOT able to ping any other machine or router of the other network.
Basically, I am able to see each router from inside the router (so I guess the IP tunnel is working), but from any machine I am not able to ping other machine of the other side.
Do I need to set up anything extra ? make an extra setup in NAT ? Masquarade ? Firewall ?
cheers
-
-
2fast4youbr
Member Candidate
- Posts: 113
- Joined:
Re: IP Tunnel only works between routers and not network
Post your configs from the two routers? Could be a bunch of things.Hi.
I have one router in one companyt and other in another one. I created a IP tunnel.
Inside the routers (using Winbox) I am able to go to Tools > Ping and ping each other or any IP of each network. But when I go to any machine in each pont, I am NOT able to ping any other machine or router of the other network.
Basically, I am able to see each router from inside the router (so I guess the IP tunnel is working), but from any machine I am not able to ping other machine of the other side.
Do I need to set up anything extra ? make an extra setup in NAT ? Masquarade ? Firewall ?
cheers
-
-
2fast4youbr
Member Candidate
- Posts: 113
- Joined:
Re: IP Tunnel only works between routers and not network
OK... take a look
A
B
A
Code: Select all
# nov/28/2013 15:53:57 by RouterOS 6.6
# software id = 8EY5-QI0I
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Link1
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/interface ipip
add local-address=187.X.X.X name=IPIP-MACKGRAFE remote-address=187.Y.Y.Y
/interface vlan
add interface=ether1-Link1 l2mtu=1516 name=vLanTelefonica vlan-id=10
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=\
vLanTelefonica name=TelefoniaPPPoE password=XXXXXX user=\xxxxxxxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=Pool-CV-Office ranges=192.168.30.10-192.168.30.254
add name=Pool-VPN ranges=172.0.0.2-172.0.0.10
/ip dhcp-server
add add-arp=yes address-pool=Pool-CV-Office always-broadcast=yes disabled=no \
interface=ether2-master-local name=Dhcp-CV-Office
/port
set 0 name=serial0
/ppp profile
add local-address=172.0.0.1 name=profile1-vpn-cv only-one=yes remote-address=\
Pool-VPN
/queue tree
add max-limit=4M name=LEVEL_A_UP parent=ether1-Link1 queue=default
add max-limit=4M name=LEVEL_A_DOWN parent=ether2-master-local queue=default
add max-limit=900k name=LEVEL_B_UP parent=ether1-Link1 queue=default
add max-limit=4M name=LEVEL_B_DOWN parent=ether2-master-local queue=default
add max-limit=900k name=LEVEL_C_UP parent=ether1-Link1 queue=default
add max-limit=4M name=LEVEL_C_DOWN parent=ether2-master-local queue=default
add name=VOIP_U packet-mark=VOIP parent=LEVEL_A_UP priority=1 queue=default
add name=VOIP_D packet-mark=VOIP parent=LEVEL_A_DOWN priority=1 queue=default
add name=ACK_U packet-mark=ACK parent=LEVEL_B_UP priority=1 queue=default
add name=ACK_D packet-mark=ACK parent=LEVEL_B_DOWN priority=1 queue=default
add name=DNS_U packet-mark=DNS parent=LEVEL_B_UP priority=2 queue=default
add name=DNS_D packet-mark=DNS parent=LEVEL_B_DOWN priority=2 queue=default
add name=UDP_U packet-mark=UDP parent=LEVEL_B_UP priority=3 queue=default
add name=UDP_D packet-mark=UDP parent=LEVEL_B_DOWN priority=3 queue=default
add name=ICMP_U packet-mark=ICMP parent=LEVEL_B_UP priority=4 queue=default
add name=ICMP_D packet-mark=ICMP parent=LEVEL_B_DOWN priority=4 queue=default
add name=HTTP_U packet-mark=HTTP parent=LEVEL_C_UP priority=1 queue=default
add name=HTTP_D packet-mark=HTTP parent=LEVEL_C_DOWN priority=1 queue=default
add name=HTTP_BIG_U packet-mark=HTTP_BIG parent=LEVEL_C_UP priority=2 queue=\
default
add name=HTTP_BIG_D packet-mark=HTTP_BIG parent=LEVEL_C_DOWN priority=2 \
queue=default
add name=OTHER_U packet-mark=OTHER parent=LEVEL_C_UP priority=3 queue=default
add name=OTHER_D packet-mark=OTHER parent=LEVEL_C_DOWN priority=3 queue=\
default
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin paypal-accept-pending=no \
paypal-allowed=no paypal-secure-response=no permissions=owner \
signup-allowed=no time-zone=-00:00
/interface l2tp-server server
set enabled=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.30.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.30.0
add address=1.1.1.1/24 interface=IPIP-MACKGRAFE network=1.1.1.0
/ip arp
add address=192.168.30.5 comment="Imp OfficeJet276dw" interface=\
ether2-master-local mac-address=88:51:FB:13:19:6C
add address=192.168.30.6 comment="Imp OfficeJet7500A" interface=\
ether2-master-local mac-address=10:60:4B:DF:A7:44
add address=192.168.30.3 comment="Servidor DELL R420" interface=\
ether2-master-local mac-address=F0:1F:AF:D3:61:48
add address=192.168.30.2 comment="Switch Dell PowerConnect 2428" interface=\
ether2-master-local mac-address=D0:67:E5:C5:9C:3D
add address=192.168.30.7 comment=WirelessTelefonica interface=\
ether2-master-local mac-address=78:54:2E:29:C7:2D
add address=192.168.30.4 comment="VoIP - CIP850" interface=\
ether2-master-local mac-address=00:1A:3F:03:8D:A7
/ip dhcp-server alert
add alert-timeout=10m disabled=no interface=ether1-Link1
add alert-timeout=10m disabled=no interface=ether2-master-local
/ip dhcp-server lease
add address=192.168.30.5 client-id=1:88:51:fb:13:19:6c comment=\
"Imp OfficeJet276dw" mac-address=88:51:FB:13:19:6C server=Dhcp-CV-Office
add address=192.168.30.6 client-id=1:10:60:4b:df:a7:44 comment=\
"Imp OfficeJet7500A" mac-address=10:60:4B:DF:A7:44 server=Dhcp-CV-Office
add address=192.168.30.4 client-id=1:fa:75:a2:1c:bc:78 comment=\
"VoIP - CIP850" mac-address=00:1A:3F:03:8D:A7 server=Dhcp-CV-Office
add address=192.168.30.103 client-id=1:bc:85:56:fc:9d:91 comment=\
"Note CV-NOTE-01 Robson" mac-address=BC:85:56:FC:9D:91 server=\
Dhcp-CV-Office
add address=192.168.30.125 client-id=1:0:1a:3f:10:89:29 comment=\
"Ramal 25 Eng Paulo" mac-address=00:1A:3F:10:89:29 server=Dhcp-CV-Office
add address=192.168.30.120 client-id=1:0:1a:3f:10:84:b1 comment=\
"Ramal 20 Jacineide" mac-address=00:1A:3F:10:84:B1 server=Dhcp-CV-Office
add address=192.168.30.128 client-id=1:0:15:65:48:54:69 comment=\
"Ramal 28 Daniele" mac-address=00:15:65:48:54:69 server=Dhcp-CV-Office
add address=192.168.30.122 client-id=1:0:15:65:48:51:17 comment=\
"Ramal 22 Pedro" mac-address=00:15:65:48:51:17 server=Dhcp-CV-Office
add address=192.168.30.123 client-id=1:0:15:65:48:51:43 comment=\
"Ramal 23 Arq Fabio" mac-address=00:15:65:48:51:43 server=Dhcp-CV-Office
add address=192.168.30.121 client-id=1:0:15:65:48:53:7b comment=\
"Ramal 21 Eng Milton" mac-address=00:15:65:48:53:7B server=Dhcp-CV-Office
add address=192.168.30.126 client-id=1:0:15:65:48:53:4d comment=\
"Ramal 26 Sala Reuniao" mac-address=00:15:65:48:53:4D server=\
Dhcp-CV-Office
add address=192.168.30.106 client-id=1:74:86:7a:f6:49:cf comment=\
"Micro CV-003 Daniele" mac-address=74:86:7A:F6:49:CF server=\
Dhcp-CV-Office
add address=192.168.30.105 client-id=1:74:86:7a:f6:48:ce comment=\
"Micro CV-004 Cleide" mac-address=74:86:7A:F6:48:CE server=Dhcp-CV-Office
add address=192.168.30.102 client-id=1:74:86:7a:f6:49:bd comment=\
"MIcro CV-002 Jacineide" mac-address=74:86:7A:F6:49:BD server=\
Dhcp-CV-Office
add address=192.168.30.101 client-id=1:0:1f:c6:20:f6:b4 comment=\
"Micro CV-006 Arq Fabio" mac-address=00:1F:C6:20:F6:B4 server=\
Dhcp-CV-Office
add address=192.168.30.104 client-id=1:0:1d:60:dd:4f:80 comment=\
"Micro CV-010 Pedro" mac-address=00:1D:60:DD:4F:80 server=Dhcp-CV-Office
add address=192.168.30.100 client-id=1:90:b1:1c:8f:eb:90 comment=\
"Micro CV-001 Eng Paulo" mac-address=90:B1:1C:8F:EB:90 server=\
Dhcp-CV-Office
add address=192.168.30.127 client-id=1:0:15:65:48:53:93 comment=\
"Ramal 27 Cleide" mac-address=00:15:65:48:53:93 server=Dhcp-CV-Office
/ip dhcp-server network
add address=192.168.30.0/24 comment="Default Civilterra" dns-server=\
192.168.30.1 gateway=192.168.30.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.30.3
/ip firewall filter
add action=drop chain=input comment="Drop PING" in-interface=TelefoniaPPPoE \
protocol=icmp
add action=drop chain=input comment="Drop common ports" dst-port=80,443,21,22 \
in-interface=TelefoniaPPPoE protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=DNS connection-state=new \
new-connection-mark=DNS port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS new-packet-mark=\
DNS passthrough=no
add action=mark-connection chain=postrouting connection-state=new \
new-connection-mark=DNS port=53 protocol=udp
add action=mark-packet chain=postrouting connection-mark=DNS new-packet-mark=\
DNS passthrough=no
add action=mark-connection chain=prerouting comment=VOIP new-connection-mark=\
VOIP port=5060,5061,10000-50000 protocol=udp
add action=mark-packet chain=prerouting connection-mark=VOIP new-packet-mark=\
VOIP passthrough=no
add action=mark-connection chain=prerouting comment=UDP connection-state=new \
new-connection-mark=UDP protocol=udp
add action=mark-packet chain=prerouting connection-mark=UDP new-packet-mark=\
UDP passthrough=no
add action=mark-connection chain=prerouting comment=ICMP connection-state=new \
new-connection-mark=ICMP protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP new-packet-mark=\
ICMP passthrough=no
add action=mark-connection chain=postrouting connection-state=new \
new-connection-mark=ICMP protocol=icmp
add action=mark-packet chain=postrouting connection-mark=ICMP \
new-packet-mark=ICMP passthrough=no
add action=mark-packet chain=postrouting comment=ACK new-packet-mark=ACK \
packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting new-packet-mark=ACK packet-size=0-123 \
passthrough=no protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment=HTTP connection-mark=\
!HTTP_BIG connection-state=new new-connection-mark=HTTP port=80,443 \
protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=500000-0 \
connection-mark=HTTP connection-rate=200k-100M new-connection-mark=\
HTTP_BIG protocol=tcp
add action=mark-packet chain=prerouting connection-mark=HTTP_BIG \
new-packet-mark=HTTP_BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP new-packet-mark=\
HTTP passthrough=no
add action=mark-connection chain=prerouting comment=OTHER connection-mark=\
no-mark new-connection-mark=OTHER
add action=mark-packet chain=prerouting connection-mark=OTHER \
new-packet-mark=OTHER passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=TelefoniaPPPoE
add action=masquerade chain=srcnat src-address=172.0.0.0/24
add action=dst-nat chain=dstnat comment=Siecon dst-port=3155 in-interface=\
TelefoniaPPPoE protocol=tcp to-addresses=192.168.30.3 to-ports=3155
add action=dst-nat chain=dstnat comment=VoIP dst-port=5060-5065 in-interface=\
TelefoniaPPPoE protocol=udp to-addresses=192.168.30.4 to-ports=5060-5065
add action=dst-nat chain=dstnat comment=VoIP dst-port=20000-50000 \
in-interface=TelefoniaPPPoE protocol=udp to-addresses=192.168.30.4 \
to-ports=20000-50000
add action=dst-nat chain=dstnat comment="FTP Cameras" dst-port=2111 \
in-interface=TelefoniaPPPoE protocol=tcp to-addresses=192.168.30.3 \
to-ports=2111
/ip firewall service-port
set ftp disabled=yes ports=21,2111
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
/ip route
add distance=1 dst-address=192.168.40.0/28 gateway=1.1.1.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8899
set api-ssl disabled=yes
/ppp secret
add name=patrick profile=profile1-vpn-cv service=pptp
add name=pedro profile=profile1-vpn-cv service=pptp
add name=paulo profile=profile1-vpn-cv service=pptp
add name=cv service=pptp
add name=fabio profile=profile1-vpn-cv service=pptp
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=CV-OFFICE
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set TelefoniaPPPoE disabled=yes display-time=5s
set <pptp-paulo> disabled=yes display-time=5s
set ether1-Link1 disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
set vLanTelefonica disabled=yes display-time=5s
set IPIP-MACKGRAFE disabled=yes display-time=5s
/system logging
add topics=l2tp
add topics=ipsec
/system ntp client
set enabled=yes primary-ntp=216.239.32.15 secondary-ntp=216.239.34.15
/system scheduler
add interval=30m name=runNoIp on-event=noip policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=sep/10/2013 start-time=04:05:45
/system script
add name=noip policy=ftp,read,write,test,winbox,password,api source="\r\
\n:local noipuser \"yyyyyyy\"\r\
\n:local noippass \"xxxxxxxx\"\r\
\n:local noiphost \"aaaaaaaaaaaaaaaaa\"\r\
\n:local inetinterface \"TelefoniaPPPoE\"\r\
\n\r\
\n\r\
\n#***********************************************************************\
*************************\r\
\n# Parameters\r\
\n#***********************************************************************\
*************************\r\
\n:local username \"yyyyyyy\"\r\
\n:local password \"xxxxxxxx\"\r\
\n:local hostname \"qqqqqqqqqqqqqq\"\r\
\n\r\
\n#availabe options: \"http\" or \"iface\"\r\
\n# - http: will query an external server and discover you public ip (user\
ful for NATted connections)\r\
\n# - iface: will use the ip address assigned to the \$iface interface (se\
e below)\r\
\n\r\
\n:local discoverBy \"iface\"\r\
\n\r\
\n# interface used to get ip address from (only if discoverBy = iface)\r\
\n\r\
\n:local iface \"TelefoniaPPPoE\"\r\
\n\r\
\n# current available services: \"dyndns\", \"noip\" and \"changeip\"\r\
\n:local service \"noip\"\r\
\n\r\
\n# number of days to force an update if your IP did not change (helps kee\
ping your account active)\r\
\n:local forceUpdate 15\r\
\n\r\
\n#***********************************************************************\
*************************\r\
\n# do not change below this unless you know what you are doing\r\
\n#***********************************************************************\
*************************\r\
\n\r\
\n:local force\r\
\n:global lastUpdate\r\
\n:local currentIP\r\
\n\r\
\n:if (\$discoverBy=\"http\") do={ \r\
\n /tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" d\
st-path=\"/dyndns.checkip.html\"\r\
\n :local result [/file get dyndns.checkip.html contents]\r\
\n :local resultLen [:len \$result]\r\
\n :local startLoc [:find \$result \": \" -1]\r\
\n :set startLoc (\$startLoc + 2)\r\
\n :local endLoc [:find \$result \"</body>\" -1]\r\
\n :set currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n} else={\r\
\n :set currentIP [ /ip address get [find interface=\$iface disabled=no]\
\_address ]\r\
\n :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
\n :if ( [:pick \$currentIP \$i] = \"/\") do={ :set currentIP [:pick \
\$currentIP 0 \$i] } \r\
\n }\r\
\n}\r\
\n\r\
\n#get IP from DynDNS for our hostname\r\
\n:local resolvedIP [:resolve \$hostname]\r\
\n\r\
\n# get current date in format mm/DD/YYYY\r\
\n:local date [ /system clock get date ]\r\
\n\r\
\n# convert to YYYYMMDD\r\
\n:local months (\"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\
\"aug\",\"sep\",\"oct\",\"nov\",\"dec\");\r\
\n:local month [ :pick \$date 0 3 ]; :local day [ :pick \$date 4 6 ]; :loc\
al year [ :pick \$date 7 11 ];\r\
\n:local mm ([ :find \$months \$month -1 ] + 1);\r\
\n:if (\$mm < 10) do={ :set month (\"0\" . \$mm); } else={ :set month \$mm\
; }\r\
\n:set date (\$year . \$month . \$day);\r\
\n\r\
\n:if ([ :typeof \$lastUpdate ]=[:nothing] || ((\$date-\$lastUpdate) >= \$\
forceUpdate && \$forceUpdate > 0)) do={ \r\
\n :set force true \r\
\n}\r\
\n\r\
\n:put (\"Current IP: \$currentIP (\$discoverBy), Last update: \$lastUpdat\
e\")\r\
\n\r\
\n# Determine if dyndns update is needed\r\
\n:if ((\$currentIP != \$resolvedIP) || (\$force = true)) do={\r\
\n \r\
\n :if (\$service = \"dyndns\") do={\r\
\n /tool fetch user=\$username password=\$password mode=http address\
=\"members.dyndns.org\" \\\r\
\n src-path=\"/nic/update\?hostname=\$hostname&myip=\$currentIP\
\" dst-path=\"/output.txt\"\r\
\n }\r\
\n :if (\$service = \"noip\") do={\r\
\n /tool fetch user=\$username password=\$password mode=http address\
=\"dynupdate.no-ip.com\" \\\r\
\n src-path=\"/nic/update\?hostname=\$hostname&myip=\$currentIP\
\" dst-path=\"/output.txt\"\r\
\n }\r\
\n :if (\$service = \"changeip\") do={\r\
\n /tool fetch user=\$username password=\$password mode=http address\
=\"nic.changeip.com\" \\\r\
\n src-path=\"/nic/update\?hostname=\$hostname&myip=\$currentIP\
\" dst-path=\"/output.txt\"\r\
\n }\r\
\n \r\
\n :local result [/file get output.txt contents]\r\
\n :log info (\"dynamic-dns-updater: Service = \$service, Hostname = \$\
hostname\")\r\
\n :log info (\"dynamic-dns-updater: CurrentIP = \$currentIP, Resolved \
IP = \$resolvedIP\")\r\
\n :log info (\"dynamic-dns-updater: Update result: \".\$result)\r\
\n /ip dns cache flush\r\
\n :set lastUpdate \$date\r\
\n}"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
B
Code: Select all
# nov/28/2013 15:54:33 by RouterOS 6.6
# software id = VTS9-AKN6
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Link1
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-Link1 name=\
TelefonicaPPPoE password=XXXXXX user=XXXXXX
/interface ipip
add local-address=187.Y.Y.Y name=IPIP-CV remote-address=187.X.X.X
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=PoolMackGrafe ranges=192.168.40.10-192.168.40.254
add name=PoolVPN ranges=175.0.0.2-175.0.0.10
/ip dhcp-server
add address-pool=PoolMackGrafe disabled=no interface=ether2-master-local \
name=DhcpMackGrafe
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes local-address=175.0.0.1 name=ProfileVPN \
remote-address=PoolVPN
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin paypal-accept-pending=no \
paypal-allowed=no paypal-secure-response=no permissions=owner \
signup-allowed=no time-zone=-00:00
/ip address
add address=192.168.40.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.40.0
add address=1.1.1.2/24 interface=IPIP-CV network=1.1.1.0
/ip arp
add address=192.168.40.2 comment="Wireless D-Link" interface=\
ether2-master-local mac-address=AC:F1:DF:27:F0:3C
add address=192.168.40.9 comment="Relogio Ponto" interface=\
ether2-master-local mac-address=9C:45:63:01:E1:00
/ip dhcp-server lease
add address=192.168.40.3 client-id=1:90:2:a9:98:1e:f8 comment=Dvr \
mac-address=90:02:A9:98:1E:F8 server=DhcpMackGrafe
add address=192.168.40.4 client-id=1:18:a9:5:15:74:cf comment=Impressora \
mac-address=18:A9:05:15:74:CF server=DhcpMackGrafe
/ip dhcp-server network
add address=192.168.40.0/24 gateway=192.168.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.40.1 name=RouterMackGrafe
/ip firewall filter
add action=drop chain=input comment="Drop PING" in-interface=TelefonicaPPPoE \
protocol=icmp
add action=drop chain=input comment="Drop Common Ports" dst-port=80,443,21,22 \
in-interface=TelefonicaPPPoE protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment=DVR dst-port=37777 in-interface=\
TelefonicaPPPoE protocol=tcp to-addresses=192.168.40.3
add action=dst-nat chain=dstnat comment=DVR dst-port=80 in-interface=\
TelefonicaPPPoE protocol=tcp to-addresses=192.168.40.3 to-ports=80
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=TelefonicaPPPoE to-addresses=0.0.0.0
add chain=srcnat dst-address=192.168.30.0/28 src-address=192.168.40.0/28
/ip route
add distance=1 dst-address=192.168.30.0/28 gateway=IPIP-CV
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8899
set api-ssl disabled=yes
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=CV-MACK
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set TelefonicaPPPoE disabled=yes display-time=5s
set ether1-Link1 disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
set IPIP-CV disabled=yes display-time=5s
/system logging
add topics=ipsec
/system ntp client
set enabled=yes primary-ntp=216.239.32.15 secondary-ntp=216.239.34.15
/system scheduler
add interval=30m name=runNoIp on-event=noip policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=sep/10/2013 start-time=05:00:00
/system script
add name=noip policy=ftp,read,test,winbox,sniff,api source="\r\
\n:local noipuser \"yyyyyyy\"\r\
\n:local noippass \"xxxxxxxx\"\r\
\n:local noiphost \"wwwwwwww,\"\r\
\n:local inetinterface \"TelefonicaPPPoE\"\r\
\n\r\
\n\r\
\n#***********************************************************************\
*************************\r\
\n# Parameters\r\
\n#***********************************************************************\
*************************\r\
\n:local username \"yyyyyyy\"\r\
\n:local password \"xxxxxxxx\"\r\
\n:local hostname \"wwwwwwww\"\r\
\n\r\
\n#availabe options: \"http\" or \"iface\"\r\
\n# - http: will query an external server and discover you public ip (user\
ful for NATted connections)\r\
\n# - iface: will use the ip address assigned to the \$iface interface (se\
e below)\r\
\n\r\
\n:local discoverBy \"iface\"\r\
\n\r\
\n# interface used to get ip address from (only if discoverBy = iface)\r\
\n\r\
\n:local iface \"TelefonicaPPPoE\"\r\
\n\r\
\n# current available services: \"dyndns\", \"noip\" and \"changeip\"\r\
\n:local service \"noip\"\r\
\n\r\
\n# number of days to force an update if your IP did not change (helps kee\
ping your account active)\r\
\n:local forceUpdate 15\r\
\n\r\
\n#***********************************************************************\
*************************\r\
\n# do not change below this unless you know what you are doing\r\
\n#***********************************************************************\
*************************\r\
\n\r\
\n:local force\r\
\n:global lastUpdate\r\
\n:local currentIP\r\
\n\r\
\n:if (\$discoverBy=\"http\") do={ \r\
\n /tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" d\
st-path=\"/dyndns.checkip.html\"\r\
\n :local result [/file get dyndns.checkip.html contents]\r\
\n :local resultLen [:len \$result]\r\
\n :local startLoc [:find \$result \": \" -1]\r\
\n :set startLoc (\$startLoc + 2)\r\
\n :local endLoc [:find \$result \"</body>\" -1]\r\
\n :set currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n} else={\r\
\n :set currentIP [ /ip address get [find interface=\$iface disabled=no]\
\_address ]\r\
\n :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
\n :if ( [:pick \$currentIP \$i] = \"/\") do={ :set currentIP [:pick \
\$currentIP 0 \$i] } \r\
\n }\r\
\n}\r\
\n\r\
\n#get IP from DynDNS for our hostname\r\
\n:local resolvedIP [:resolve \$hostname]\r\
\n\r\
\n# get current date in format mm/DD/YYYY\r\
\n:local date [ /system clock get date ]\r\
\n\r\
\n# convert to YYYYMMDD\r\
\n:local months (\"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\
\"aug\",\"sep\",\"oct\",\"nov\",\"dec\");\r\
\n:local month [ :pick \$date 0 3 ]; :local day [ :pick \$date 4 6 ]; :loc\
al year [ :pick \$date 7 11 ];\r\
\n:local mm ([ :find \$months \$month -1 ] + 1);\r\
\n:if (\$mm < 10) do={ :set month (\"0\" . \$mm); } else={ :set month \$mm\
; }\r\
\n:set date (\$year . \$month . \$day);\r\
\n\r\
\n:if ([ :typeof \$lastUpdate ]=[:nothing] || ((\$date-\$lastUpdate) >= \$\
forceUpdate && \$forceUpdate > 0)) do={ \r\
\n :set force true \r\
\n}\r\
\n\r\
\n:put (\"Current IP: \$currentIP (\$discoverBy), Last update: \$lastUpdat\
e\")\r\
\n\r\
\n# Determine if dyndns update is needed\r\
\n:if ((\$currentIP != \$resolvedIP) || (\$force = true)) do={\r\
\n \r\
\n :if (\$service = \"dyndns\") do={\r\
\n /tool fetch user=\$username password=\$password mode=http address\
=\"members.dyndns.org\" \\\r\
\n src-path=\"/nic/update\?hostname=\$hostname&myip=\$currentIP\
\" dst-path=\"/output.txt\"\r\
\n }\r\
\n :if (\$service = \"noip\") do={\r\
\n /tool fetch user=\$username password=\$password mode=http address\
=\"dynupdate.no-ip.com\" \\\r\
\n src-path=\"/nic/update\?hostname=\$hostname&myip=\$currentIP\
\" dst-path=\"/output.txt\"\r\
\n }\r\
\n :if (\$service = \"changeip\") do={\r\
\n /tool fetch user=\$username password=\$password mode=http address\
=\"nic.changeip.com\" \\\r\
\n src-path=\"/nic/update\?hostname=\$hostname&myip=\$currentIP\
\" dst-path=\"/output.txt\"\r\
\n }\r\
\n \r\
\n :local result [/file get output.txt contents]\r\
\n :log info (\"dynamic-dns-updater: Service = \$service, Hostname = \$\
hostname\")\r\
\n :log info (\"dynamic-dns-updater: CurrentIP = \$currentIP, Resolved \
IP = \$resolvedIP\")\r\
\n :log info (\"dynamic-dns-updater: Update result: \".\$result)\r\
\n /ip dns cache flush\r\
\n :set lastUpdate \$date\r\
\n}"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
Re: IP Tunnel only works between routers and not network
Two things:
On B:
add distance=1 dst-address=192.168.30.0/28 gateway=IPIP-CV
is wrong... your gateway should be the IP of the remote side... NOT the interface.
Also... what exactly is the purpose of this rule on B's NAT chains? I don't think you really want to do this.:
add chain=srcnat dst-address=192.168.30.0/28 src-address=192.168.40.0/28
On B:
add distance=1 dst-address=192.168.30.0/28 gateway=IPIP-CV
is wrong... your gateway should be the IP of the remote side... NOT the interface.
Also... what exactly is the purpose of this rule on B's NAT chains? I don't think you really want to do this.:
add chain=srcnat dst-address=192.168.30.0/28 src-address=192.168.40.0/28
-
-
2fast4youbr
Member Candidate
- Posts: 113
- Joined:
Re: IP Tunnel only works between routers and not network
When I change to de IP of the gateway, it says unreachable.
Is there a nice tutorial of IP tunel that I can follow ?
cheers
Is there a nice tutorial of IP tunel that I can follow ?
cheers
Re: IP Tunnel only works between routers and not network
It should be whatever the address assigned to your ipip tunnel.. Eg 1.1.1.2 in your case.. I can poke at it if you give me remote access...
Sent from my SCH-I545 using Tapatalk
Sent from my SCH-I545 using Tapatalk
-
-
2fast4youbr
Member Candidate
- Posts: 113
- Joined:
Re: IP Tunnel only works between routers and not network
Efaden....
I will give you access... send me a MP with you email...
Thanks for the help;
cheers
I will give you access... send me a MP with you email...
Thanks for the help;
cheers
Re: IP Tunnel only works between routers and not network
Can't PM on this forum. My email is the same as my username here @gmail.comEfaden....
I will give you access... send me a MP with you email...
Thanks for the help;
cheers
Re: IP Tunnel only works between routers and not network
Assuming that this is still unanswered, I think this is a common issue with tunnel. Where inside network in Network A cannot ping the inside network in Network B.
You need to tell your MTK, on to exclude those private IPs in masquerading.
You need to tell your MTK, on to exclude those private IPs in masquerading.