lightman

Mikrotik RB2011 router and WRT54GL access points: no Internet over Wi-Fi

First of all, hello to everyone.

I have the following problem: I cannot get onto the Internet over Wi-Fi, even though I get an IP address via DHCP, but over the LAN it works. Here is my network layout:

On port 4 (Wi-Fi hotspot) I have a PicoStation2 attached, and it works perfectly.
On port 2 (Wi-Fi) I have a WRT54GL attached, and it does not work over Wi-Fi. When I connect with the iPhone 4 it does work, but when I start a speed test I always get the message "Netzwerk Kommunikationsproblem". What could be to blame???

Kind regards, Lightman

Content-ID: 274118

Url: https://administrator.de/contentid/274118


114757 09.06.2015, updated at 17:53:28
Hi Lichtmann,
"What could be to blame???"
Your config, most likely, only I somehow can't see it here, or am I blind?
As always, data and facts count for more here than 1000 words!

Regards, jodel32
lightman 09.06.2015 at 18:00:07
What should I send you, which settings?
lightman 09.06.2015 at 19:35:27
/interface ethernet>

    # NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
    0 R ;;; Chello WAN1
    ether1 1500 D4:CA:6D:AD:75:79 enabled none switch1
    1 X ;;; A1 WAN2 UMTS-Router Ersatzinternet IP:192.168.0.1
    ether2 1500 D4:CA:6D:AD:75:7A enabled none switch1
    2 RS ;;; 24 Port HUB 192.168.2.1 ARP Enable alle MAC-Adressen gehen, bei AR...
    ether3 1500 4C:5E:0C:7F:7A:8F enabled none switch1
    3 S ;;; Masterport=ether3 Server
    ether4 1500 4C:5E:0C:7F:7A:90 enabled ether3 switch1
    4 S ;;; Masterport=ether3 Server ADMIN-PORT CATKABEL-16
    ether5 1500 D4:CA:6D:AD:75:7D disabled ether3 switch1
    5 S ;;; Br cke Vlan30 Gastro
    ether6 1500 4C:5E:0C:7F:7A:92 disabled none switch2
    6 S ;;; Br cke Vlan40 Nachbarn
    ether7 1500 4C:5E:0C:7F:7A:93 enabled none switch2
    7 S ;;; Br cke Vlan50 Hotspot
    ether8 1500 4C:5E:0C:7F:7A:94 enabled none switch2
    8 RS ;;; Masterport ether10
    ether9 1500 4C:5E:0C:7F:7A:95 enabled ether10 switch2
    9 RS ;;; Br cke Vlan 1+3+4+5+6
    ether10 1500 4C:5E:0C:7F:7A:96 enabled none switch2
    10 X sfp1 1500 4C:5E:0C:7F:7A:8C enabled none switch1


    /ip pool

      # NAME RANGES
      0 dhcp-Home-192.168.2.1 192.168.2.23-192.168.2.100
      1 dhcp-Hotspot-192.168.5.1 192.168.5.20-192.168.5.50
      2 VPN-POOL-Extern 10.0.0.2-10.0.0.254
      3 dhcp_pool1 xxx.xxx.xx.2-xxx.xxx.xx.254
      4 dhcp-Gastro-192.168.3.1 192.168.3.20-192.168.3.100
      5 dhcp-Nachbarn-192.168.4.1 192.168.4.20-192.168.4.100
      6 dhcp-Server-Drucker-192.168.6.1 192.168.6.20-192.168.6.125


      /ip dhcp-server

        # NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
        0 dhcp1 Zellinet bridge Zelli-Lan dhcp-Home-192.168.2.1 1h
        1 Hotspot Zelli bridge Hotspot dhcp-Hotspot-192.168.5.1 1h
        2 Gastro bridge Gastro dhcp-Gastro-192.168.3.1 10m
        3 Nachbarn bridge Nachbar dhcp-Nachbarn-192.168.4.1 10m
        4 Server-Drucker vlan6 Server-Drucker-60 dhcp-Server-Drucker-192.168... 1h

        /ip address

        0 ;;; Zelli configuration 24 Port Hub
        192.168.2.1/24 192.168.2.0 bridge Zelli-Lan
        1 ;;; Hotspot
        192.168.5.1/24 192.168.5.0 bridge Hotspot
        2 ;;; Gastro
        192.168.3.1/24 192.168.3.0 vlan3 Gastro-30
        3 ;;; Nachbarn
        192.168.4.1/24 192.168.4.0 vlan4 Nachbarn-40
        4 ;;; Server-Drucker
        192.168.6.1/24 192.168.6.0 vlan6 Server-Drucker-60
        5 D xx.xxx.xx.162/24 xx.xxx.xx.0 ether1

        /ip dhcp-client

          # INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
          0 ;;; default configuration
          ether1 yes yes bound xx.xxx.xx.xxx/24
          1 X ether2 yes no

          /ip dhcp-server lease

            # ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT STATUS
            0 ;;; Internetradio WZ
            192.168.2.22 00:04:20:2D:01:33 SqueezeboxRadio dhcp1 Zel... bound
            1 ;;; Wired RS485 Lan Gateway CCU2 Homatic Bus Interface
            192.168.2.96 00:1A:22:04:33:8A LEQ0151744 dhcp1 Zel... bound
            2 ;;; Julia-Tablet
            192.168.4.156 00:80:C2:87:2F:0C android-b06a... Nachbarn waiting
            3 ;;; Sebastian-Tablet
            192.168.4.157 00:80:C2:41:56:6F android-44ef... Nachbarn waiting
            4 ;;; Ecobee Thermostat
            192.168.2.29 00:19:88:42:EF:E8 dhcp1 Zel... bound
            5 ;;; Iphone 4 Thomas
            192.168.2.206 CC:08:E0:0D:4C:F2 ThomasZellhofer dhcp1 Zel... waiting
            6 ;;; Acer mini PC
            192.168.2.183 C4:46:19:3C:11:E2 dhcp1 Zel... waiting
            7 ;;; Mackie Mixer Thomas
            192.168.2.24 00:0F:F2:03:19:C1 dhcp1 Zel... waiting
            8 ;;; Apple TV2 Lan
            192.168.2.190 58:1F:AA:FE:07:55 dhcp1 Zel... waiting
            9 ;;; Apple TV2 Wlan
            192.168.2.191 58:1F:AA:FE:07:54 dhcp1 Zel... waiting
            10 ;;; Internetradio Keller
            192.168.2.31 00:04:20:2E:45:CC dhcp1 Zel... waiting
            11 D 192.168.2.27 00:04:20:2E:45:CC SqueezeboxRadio dhcp1 Zel... bound
            12 X ;;; Stadthalle Trussing Wlan Router
            192.168.2.199 B4:75:0E:CC:22:8E dhcp1 Zel... waiting
            13 ;;; Dominiks-iPad
            192.168.4.95 8C:7C:92:04:07:56 Dominiks-iPad Nachbarn bound
            14 D 192.168.4.93 10:92:66:52:57:68 android-614f... Nachbarn bound
            15 D 192.168.5.48 C4:17:FE:10:26:37 user-don6e5b2ax Hotspot Z... bound


            /ip dhcp-server network

              # ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
              0 ;;; Lan Port 3
              192.168.2.0/24 192.168.2.1 192.168.2.1
              1 ;;; Vlan Gastro
              192.168.3.0/24 192.168.3.1 192.168.3.1
              2 ;;; Vlan Nachbarn
              192.168.4.0/24 192.168.4.1 192.168.4.1
              3 ;;; Bridge Hotspot
              192.168.5.0/24 192.168.5.1 192.168.5.1
              4 ;;; Server-Drucker
              192.168.6.0/24 192.168.6.1 192.168.6.1

              /ip firewall filter

              0 ;;; MikroTik Original
              chain=input action=accept protocol=icmp log=no log-prefix=""

              1 ;;; MikroTik Original
              chain=input action=accept connection-state=established log=no log-prefix=""

              2 ;;; MikroTik Original
              chain=input action=accept connection-state=related log=no log-prefix=""

              3 ;;; PPTP VPN erlauben
              chain=input action=accept protocol=tcp dst-port=!1723 log=no log-prefix=""

              4 ;;; PPTP VPN erlauben
              chain=input action=accept protocol=!gre log=no log-prefix=""

              5 X ;;; QNAP VPN 1723 durchleiten derzeit AUS da VPN am Router eingerichtet ist und sowieso dadurch ein ist
              chain=forward action=accept protocol=udp port=1723 log=no log-prefix=""

              6 ;;; f r VPN wenn NEW aus ist geht keine VPN+TIKTOOL?
              chain=input action=accept connection-state=related,new log=no log-prefix=""

              7 X ;;; f r VPN
              chain=input action=log in-interface=ether1 log=no log-prefix=""

              8 ;;; f r VPN
              chain=input action=drop in-interface=ether1 log=no log-prefix=""

              9 ;;; Add Syn Flood IP to the list
              chain=input action=add-src-to-address-list tcp-flags=syn protocol=tcp address-list=Syn_Flooder
              address-list-timeout=30m connection-limit=30,32 log=no log-prefix=""

              10 ;;; Drop to syn flood list
              chain=input action=drop src-address-list=Syn_Flooder log=no log-prefix=""

              11 ;;; Port Scanner Detect
              chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner
              address-list-timeout=1w log=no log-prefix=""

              12 ;;; Drop to port scan list
              chain=input action=drop src-address-list=Port_Scanner log=no log-prefix=""

              13 ;;; Jump for icmp input flow

              14 ;;; Jump for icmp forward flow
              chain=forward action=jump jump-target=ICMP protocol=icmp log=no
              log-prefix=""

              15 ;;; Drop to bogon list
              chain=forward action=drop dst-address-list=bogons log=no log-prefix=""

              16 ;;; Add Spammers to the list for 3 hours
              chain=forward action=add-src-to-address-list protocol=tcp
              address-list=spammers address-list-timeout=3h dst-port=25,587
              connection-limit=30,32 limit=30/1m,0 log=no log-prefix=""

              17 ;;; Avoid spammers action
              chain=forward action=drop protocol=tcp src-address-list=spammers
              dst-port=25,587 log=no log-prefix=""

              18 ;;; Accept DNS - UDP
              chain=input action=accept protocol=udp port=53 log=no log-prefix=""

              19 ;;; Accept DNS - TCP
              chain=input action=accept protocol=tcp port=53 log=no log-prefix=""

              20 ;;; Accept to established connections
              chain=input action=accept connection-state=established log=no
              log-prefix=""

              21 ;;; Accept to related connections
              chain=input action=accept connection-state=related log=no log-prefix=""

              22 ;;; Full access to SUPPORT address list
              chain=input action=accept src-address-list=support log=no log-prefix=""

              23 ;;; Echo request - Avoiding Ping Flood
              chain=ICMP action=accept protocol=icmp icmp-options=8:0 limit=1,5
              log=no log-prefix=""

              24 ;;; Echo reply
              chain=ICMP action=accept protocol=icmp icmp-options=0:0 log=no
              log-prefix=""

              25 ;;; Time Exceeded
              chain=ICMP action=accept protocol=icmp icmp-options=11:0 log=no
              log-prefix=""

              26 ;;; Destination unreachable
              chain=ICMP action=accept protocol=icmp icmp-options=3:0-1 log=no
              log-prefix=""

              27 ;;; PMTUD
              chain=ICMP action=accept protocol=icmp icmp-options=3:4 log=no
              log-prefix=""

              28 ;;; Drop to the other ICMPs
              chain=ICMP action=drop protocol=icmp log=no log-prefix=""

              29 ;;; Jump for icmp output
              chain=output action=jump jump-target=ICMP protocol=icmp log=no
              log-prefix=""

              30 ;;; Neue Regeln ab mai 2015 Alle Verbindungen vom Lan zum Router erlaube>

              log-prefix=""

              chain=input action=accept in-interface=ether1 log=no log-prefix=""

              31 ;;; bestehende Verbindung erlauben
              chain=input action=accept connection-state=established log=no
              log-prefix=""

              32 ;;; ung ltige Packete blockieren
              chain=forward action=drop connection-state=invalid log=no log-prefix=""

              33 ;;; ICMP erlauben
              chain=input action=accept protocol=icmp log=no log-prefix=""

              34 ;;; gesperrte SSH IPs blockieren
              chain=forward action=accept src-address-list=SSH-Blacklist log=no
              log-prefix=""

              35 ;;; gesperrte Port-Sanner IPs blockieren
              chain=forward action=drop src-address-list=Portscan Blacklist log=no
              log-prefix=""

              36 ;;; FTP-Blacklist
              chain=forward action=drop src-address-list=FTP-Blacklist log=no
              log-prefix=""

              37 X ;;; nch 4 neuen SSH Verbinungen innerhalb einer Minute IP f r 1 Woche au>
              ie Blockliste UNFOLLST NDIG
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp address-list=SSH-Blacklist address-list-timeout=1w
              dst-port=22 log=no log-prefix=""

              38 X ;;; nch 4 neuen SSH Verbinungen innerhalb einer Minute IP f r 1 Woche au>
              ie Blockliste UNFOLLST NDIG
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3
              address-list-timeout=1m dst-port=22 log=no log-prefix=""

              39 X ;;; nch 4 neuen SSH Verbinungen innerhalb einer Minute IP f r 1 Woche au>
              ie Blockliste UNFOLLST NDIG
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2
              address-list-timeout=1m dst-port=22 log=no log-prefix=""

              40 ;;; Src.Adress List= unsernetz
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=xx.xxx.xx.xxx address-list=ssh_stage1
              address-list-timeout=1m dst-port=22 log=no log-prefix=""

              41 ;;; nach 6 neuen RDP Verbindungen innerhalb 1 Minute IP f r 1 Woche auf >
              Blocklist
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=rdp_stage5 address-list=RDP-Blacklist
              address-list-timeout=1w dst-port=3389 log=no log-prefix=""

              42 ;;; nach 6 neuen RDP Verbindungen innerhalb 1 Minute IP f r 1 Woche auf >
              Blocklist
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=rdp_stage3 address-list=rdp_stage4
              address-list-timeout=1m dst-port=3389 log=no log-prefix=""

              43 ;;; nach 6 neuen RDP Verbindungen innerhalb 1 Minute IP f r 1 Woche auf >
              Blocklist
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=rdp_stage4 address-list=rdp_stage5
              address-list-timeout=1m dst-port=3389 log=no log-prefix=""
              44 ;;; nach 6 neuen RDP Verbindungen innerhalb 1 Minute IP f r 1 Woche auf >
              Blocklist
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=rdp_stage2 address-list=rdp_stage3
              address-list-timeout=1m dst-port=3389 log=no log-prefix=""

              45 ;;; nach 6 neuen RDP Verbindungen innerhalb 1 Minute IP f r 1 Woche auf >
              Blocklist
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=rdp_stage1 address-list=rdp_stage2
              address-list-timeout=1m dst-port=3389 log=no log-prefix=""

              46 ;;; SRC-ADDRESS-LIST=!UNSERNETZ
              chain=forward action=add-src-to-address-list connection-state=new
              protocol=tcp src-address-list=xx.xxx.xx.xxx address-list=rdp_stage1
              address-list-timeout=1m dst-port=3389 log=no log-prefix=""

              47 ;;; 4 falsche POP3 Anmeldungen pro Minute erlauben
              chain=forward action=accept protocol=tcp dst-address-list=xx.xxx.xx.xxx
              src-port=110 content=-ERR Authentication failed
              dst-limit=1/1m,4,dst-address/1m40s log=no log-prefix=""

              48 ;;; 4 falsche FTP Anmeldungen pro Minute erlauben
              chain=forward action=accept protocol=tcp dst-address-list=xx.xxx.xx.xxx
              src-port=21 content=530 Login incorrect
              dst-limit=1/1m,4,dst-address/1m40s log=no log-prefix=""

              49 ;;; nach der 5. falschen POP3 Anmeldung f r 1 Woche auf die Blocklist
              chain=forward action=add-dst-to-address-list protocol=tcp
              dst-address-list=xx.xxx.xx.xxx address-list=pop3_blacklist
              address-list-timeout=1w src-port=110 content=-ERR Authentication failed
              log=no log-prefix=""

              50 ;;; nach der 5. falschen FTP Anmeldung f r 1 Woche auf die Blocklist
              chain=forward action=add-dst-to-address-list protocol=tcp
              dst-address-list=xx.xxx.xx.xxx address-list=ftp_blacklist
              address-list-timeout=1w src-port=21 content=530 Login incorrect log=no
              log-prefix=""

              51 ;;; Port-Scans erkannen und IP f r 1 Woche auf die Blocklist
              chain=forward action=add-src-to-address-list protocol=tcp psd=20,3s,3,1
              src-address-list=xx.xxx.xx.xxx address-list=portscan_blacklist
              address-list-timeout=1w log=no log-prefix=""

              52 ;;; Port-Scans erkannen und IP f r 1 Woche auf die Blocklist
              chain=input action=add-src-to-address-list protocol=tcp psd=20,3s,3,1
              src-address-list=xx.xxx.xx.xxx address-list=portscan_blacklist
              address-list-timeout=1w log=no log-prefix=""

              53 ;;; Zusatzverbindungen zu bestehende erlauben
              chain=input action=accept connection-state=related log=no log-prefix=""

              54 ;;; Alle anderen Verbindungen zum ROUTER blockieren
              chain=input action=drop log=no log-prefix=""

              55 X ;;; place hotspot rules here
              chain=unused-hs-chain action=passthrough log=no log-prefix=""

              56 X ;;; Gelogt Sex
              chain=forward action=log layer7-protocol=Gesperrt Sex log=no
              log-prefix=""

              57 X ;;; Gesperrte Seiten sex
              chain=forward action=drop layer7-protocol=Gesperrt Sex log=no
              log-prefix=""

              58 ;;; Gesperrte Seiten Hotmail
              chain=forward action=drop layer7-protocol=Gesperte Hotmail log=no
              log-prefix=""

              59 ;;; Gesperrte Seiten tuneup
              chain=forward action=drop layer7-protocol=Gesperte tuneup log=no
              log-prefix=""

              60 X ;;; Gelogt Update
              chain=forward action=log layer7-protocol=Gesperte update log=no
              log-prefix=""

              61 ;;; Gesperrt Update
              chain=forward action=drop layer7-protocol=Gesperte update log=no
              log-prefix=""

              62 ;;; Gesperrt Microsoft
              chain=forward action=drop layer7-protocol=Gesperte Micorsoft
              connection-limit=100,32 limit=1,5 log=no log-prefix=""

              63 ;;; Gesperrt MSN
              chain=forward action=drop layer7-protocol=Gesperte msn log=no
              log-prefix=""

              64 X ;;; Internetzgangs Anfang (Regeln immer ein) 27-36
              chain=input action=accept protocol=icmp log=no log-prefix=""

              65 X chain=input action=accept connection-state=established log=no
              log-prefix=""

              66 X ;;; Das ich auf dem Router komme vom Lan 24 Port Hub
              chain=input action=accept in-interface=ether3 log=no log-prefix=""

              67 X chain=forward action=accept connection-state=established log=no
              log-prefix=""

              68 X chain=forward action=accept connection-state=related log=no log-prefix=">

              69 X chain=forward action=log connection-state=invalid log=no log-prefix=""

              70 X ;;; Internetzgangs Ende (Regeln immer ein) 28-36
              chain=forward action=drop connection-state=invalid log=no log-prefix=""

              71 ;;; Vlan "established; related"
              chain=forward action=accept connection-state=established,related log=no
              log-prefix=""

              72 ;;; Vlan1 "chain=forward in-interface=vlan1 out-interface=vlan60"
              chain=forward action=accept in-interface=vlan1
              out-interface=vlan6 Server-Drucker-60 log=no log-prefix=""

              73 ;;; Vlan1 "chain=forward in-interface=vlan30 out-interface=vlan60"
              chain=forward action=accept in-interface=bridge Gastro
              out-interface=vlan6 Server-Drucker-60 log=no log-prefix=""

              74 ;;; Vlan1 "chain=forward in-interface=vlan40 out-interface=vlan60"
              chain=forward action=accept in-interface=bridge Nachbar
              out-interface=vlan6 Server-Drucker-60 log=no log-prefix=""

              75 ;;; Vlan1 "chain=forward in-interface=vlan50 out-interface=vlan60"
              chain=forward action=accept in-interface=bridge Hotspot
              out-interface=vlan6 Server-Drucker-60 log=no log-prefix=""

              76 X ;;; Vlan1 "chain=forward in-interface=vlan1 dst. Adress: 192.168.6.102"
              chain=forward action=accept dst-address=192.168.6.102
              in-interface=vlan1 log=no log-prefix=""

              77 X ;;; Vlan1 "chain=forward in-interface=vlan1 dst. Adress: 192.168.6.102">
              cker HL-5070N
              chain=forward action=accept dst-address=192.168.6.222
              in-interface=vlan1 log=no log-prefix=""

              78 X ;;; Vlan1 "chain=forward in-interface=vlan30 dst. Adress: 192.168.6.102"
              chain=forward action=accept dst-address=192.168.6.102
              in-interface=bridge Gastro log=no log-prefix=""

              79 X ;;; Vlan1 "chain=forward in-interface=vlan30 dst. Adress: 192.168.6.222>
              ucker HL-5070N
              chain=forward action=accept dst-address=192.168.6.222
              in-interface=bridge Gastro log=no log-prefix=""

              80 X ;;; Vlan1 "chain=forward in-interface=vlan40 dst. Adress: 192.168.6.102"
              chain=forward action=accept dst-address=192.168.6.102
              in-interface=bridge Nachbar log=no log-prefix=""

              81 X ;;; Vlan1 "chain=forward in-interface=vlan40 dst. Adress: 192.168.6.222>
              ucker HL-5070N
              chain=forward action=accept dst-address=192.168.6.222
              in-interface=bridge Nachbar log=no log-prefix=""

              82 ;;; VLAN "action=drop chain=forward in-interface=all-vlan out-interface=>
              her1"
              chain=forward action=drop in-interface=all-vlan out-interface=!ether1
              log=no log-prefix=""

              83 ;;; Vlan30 NUR zum Surfen und EMAIL Netz: 192.168.3.1
              chain=forward action=accept protocol=tcp dst-address=!192.168.3.0/24
              in-interface=bridge Gastro dst-port=25,80,110,443,465,587,995,5222,5938
              log=no log-prefix=""
              84 X ;;; Vlan30 NUR zum Surfen und EMAIL Netz: 192.168.3.1
              chain=forward action=log protocol=tcp dst-address=!192.168.3.0/24
              in-interface=bridge Gastro log=no log-prefix=""

              85 ;;; Vlan30 NUR zum Surfen und EMAIL Netz: 192.168.3.1
              chain=forward action=drop in-interface=bridge Gastro log=no
              log-prefix=""

              86 ;;; Vlan40 NUR zum Surfen und EMAIL Netz: 192.168.4.1
              chain=forward action=accept protocol=tcp dst-address=!192.168.4.0/24
              in-interface=bridge Nachbar dst-port=80,443,465,587,995,5222,5938
              log=no log-prefix=""

              87 X ;;; Vlan40 NUR zum Surfen und EMAIL Netz: 192.168.4.1
              chain=forward action=log protocol=tcp dst-address=!192.168.4.0/24
              in-interface=bridge Nachbar dst-port=80,443,465,587,995,5222,5938
              log=no log-prefix=""

              88 ;;; Vlan40 NUR zum Surfen und EMAIL Netz: 192.168.4.1
              chain=forward action=drop in-interface=bridge Nachbar log=no
              log-prefix=""

              89 ;;; VLAN 50 Hotspot NUR zum Surfen + EMAIL +Skype
              chain=forward action=accept protocol=tcp dst-address=!192.168.5.0/24
              in-interface=bridge Hotspot dst-port=80,443,465,587,995,5222,5938
              log=no log-prefix=""

              90 X ;;; VLAN 50 Hotspot NUR zum Surfen + EMAIL +Skype
              chain=forward action=log in-interface=bridge Hotspot log=no
              log-prefix=""

              91 ;;; VLAN 50 Hotspot NUR zum Surfen + EMAIL +Skype
              chain=forward action=drop in-interface=bridge Hotspot log=no
              log-prefix=""

              92 ;;; Vlan 60 Server-Drucker NUR zum drucken KEIN EMAIL oder Internet: 19>
              68.6.1 Druckerport:9100
              chain=forward action=accept protocol=tcp dst-address=!192.168.6.0/24
              in-interface=ether1 dst-port=9100 log=no log-prefix=""
              93 ;;; Vlan 60 Server-Drucker NUR zum drucken KEIN EMAIL oder Internet: 19>
              68.6.1
              chain=forward action=drop dst-address=!192.168.6.0/24
              in-interface=ether1 log=no log-prefix=""

              94 ;;; Komponenten Regel f r Iphone4
              chain=forward action=accept protocol=tcp port=123,3689,62078
              src-mac-address=CC:08:E0:0D:42:F2 log=no log-prefix=""

              95 ;;; Komponenten Regel f r Iphone4
              chain=forward action=accept protocol=udp port=123,5353,62078
              src-mac-address=CC:08:E0:0D:42:F2 log=no log-prefix=""

              96 ;;; qnap system
              chain=forward action=accept protocol=udp port=38854,6881 log=no
              log-prefix=""

              97 ;;; Ecobee Thermostat port 8089 Weiterleitung
              chain=forward action=accept protocol=tcp port=8089 log=no log-prefix=""

              98 ;;; Ecobee Thermostat port 8089 Weiterleitung
              chain=forward action=accept protocol=udp port=3483
              src-mac-address=00:04:20:2D:01:33 log=no log-prefix=""

              99 X ;;; UE Smartradio: wenn ein kein Internetradio usw.
              chain=forward action=drop in-interface=ether3 log=no log-prefix=""

              100 ;;; UE Smartradio Wohnzimmer 00:04:20:2d:01:33 Nicht abschalten sonst >
              e Funktion von Internetradio
              chain=forward action=accept protocol=tcp port=3483,9000,9090
              src-mac-address=00:04:20:2D:01:33 log=no log-prefix=""

              101 ;;; UE Smartradio Keller 00-04-20-2E-45-CC Nicht abschalten sonst kein>
              nktion von Internetradio
              chain=forward action=accept protocol=tcp port=3483,9000,9090
              src-mac-address=00:04:20:2E:45:CC log=no log-prefix=""

              102 ;;; UE Smartradio Nicht abschalten sonst keine Funktion von Internetra>
              chain=forward action=accept protocol=tcp src-address=79.125.111.32
              port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              103 ;;; UE Smartradio Nicht abschalten sonst keine Funktion von Internetra>
              chain=forward action=accept protocol=tcp src-address=79.125.16.68
              port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              104 ;;; UE Smartradio Nicht abschalten sonst keine Funktion von Internetra>
              chain=forward action=accept protocol=tcp src-address=176.34.103.114
              port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              105 ;;; UE Smartradio Nicht abschalten sonst keine Funktion von Internetra>
              chain=forward action=accept protocol=udp src-address=79.125.111.32
              port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              106 ;;; UE Smartradio Nicht abschalten sonst keine Funktion von Internetra>
              chain=forward action=accept protocol=udp src-address=79.125.16.68
              port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              107 ;;; UE Smartradio Nicht abschalten sonst keine Funktion von Internetra>
              chain=forward action=accept protocol=udp src-address=176.34.103.114
              port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""


              /ip firewall address-list

              0 Portscan Blacklist 0.0.0.0
              1 SSH-Blacklist 0.0.0.0
              2 FTP-Blacklist 0.0.0.0
              3 ethernet1-Wan1 xx.xxx.xx.162
              4 X ethernet1-Wan2 192.168.0.1
              5 ;;; Self-Identification [RFC 3330]
              bogons 0.0.0.0/8
              6 X ;;; Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it
              bogons 10.0.0.0/8
              7 ;;; Loopback [RFC 3330]
              bogons 127.0.0.0/16
              8 ;;; Link Local [RFC 3330]
              bogons 169.254.0.0/16
              9 X ;;; Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it
              bogons 172.16.0.0/12
              10 X ;;; Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it
              bogons 192.168.0.0/16
              11 ;;; Reserved - IANA - TestNet1
              bogons 192.0.2.0/24
              12 ;;; 6to4 Relay Anycast [RFC 3068]
              bogons 192.88.99.0/24
              13 ;;; NIDB Testing
              bogons 198.18.0.0/15
              14 ;;; Reserved - IANA - TestNet2
              bogons 198.51.100.0/24
              15 ;;; Reserved - IANA - TestNet3
              bogons 203.0.113.0/24
              16 X ;;; MC, Class D, IANA # Check if you need this subnet before enable it
              bogons 224.0.0.0/4
              17 Server 192.168.6.102
              18 Brother-HL5070N 192.168.6.222
              19 X Stadthalle Router-Truss 192.168.2.199

              /ip firewall nat

              0 X ;;; place hotspot rules here
              chain=unused-hs-chain action=passthrough to-addresses=0.0.0.0 log=no
              log-prefix=""

              1 X ;;; Original aber aus
              chain=srcnat action=masquerade src-address=192.168.2.0/24 log=no
              log-prefix=""

              2 ;;; Home 192.168.2.1
              chain=srcnat action=masquerade src-address=192.168.2.0/24
              out-interface=ether1 log=no log-prefix=""

              3 ;;; V-Lan 30 Fink
              chain=srcnat action=masquerade src-address=192.168.3.0/24
              out-interface=ether1 log=no log-prefix=""

              4 ;;; V-Lan 40 Simone
              chain=srcnat action=masquerade src-address=192.168.4.0/24
              out-interface=ether1 log=no log-prefix=""

              5 ;;; V-Lan 50 Hotspot
              chain=srcnat action=masquerade src-address=192.168.5.0/24

              6 ;;; V-Lan 60 Server-Drucker
              chain=srcnat action=masquerade src-address=192.168.6.0/24
              out-interface=ether1 log=no log-prefix=""

              7 X ;;; masquerade hotspot network
              chain=srcnat action=masquerade to-addresses=0.0.0.0
              src-address=192.168.5.0/24 dst-address=xx.xxx.xx.xxx log=no
              log-prefix=""

              8 X ;;; masquerade hotspot network
              chain=srcnat action=masquerade src-address=192.168.5.0/24 log=no
              log-prefix=""

              9 ;;; DM 800 Keller
              chain=dstnat action=dst-nat to-addresses=192.168.2.111 to-ports=80
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=20111 log=no
              log-prefix=""

              10 chain=dstnat action=dst-nat to-addresses=192.168.2.111 to-ports=80
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=20111 log=no
              log-prefix=""

              11 ;;; DM 600 Keller Stream
              chain=dstnat action=dst-nat to-addresses=192.168.2.112 to-ports=80
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=20112 log=no
              log-prefix=""

              12 chain=dstnat action=dst-nat to-addresses=192.168.2.112 to-ports=80
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=20112 log=no
              log-prefix=""

              13 ;;; DM600 WZ
              chain=dstnat action=dst-nat to-addresses=192.168.2.113 to-ports=80
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=20113 log=no
              log-prefix=""

              14 chain=dstnat action=dst-nat to-addresses=192.168.2.113 to-ports=80
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=20113 log=no
              log-prefix=""

              15 ;;; Stadthalle Live Cam
              chain=dstnat action=dst-nat to-addresses=192.168.2.144 to-ports=80
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=144 log=no
              log-prefix=""

              16 chain=dstnat action=dst-nat to-addresses=192.168.2.144 to-ports=80
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=144 log=no
              log-prefix=""

              17 ;;; Cam Stadthalle
              chain=dstnat action=dst-nat to-addresses=192.168.2.147 to-ports=80
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=147 log=no
              log-prefix=""

              18 chain=dstnat action=dst-nat to-addresses=192.168.2.147 to-ports=80
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=147 log=no
              log-prefix=""

              19 ;;; HL-5070N Drucker Home Laser s/w
              chain=dstnat action=dst-nat to-addresses=192.168.2.222 to-ports=9100
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=10222 log=no
              log-prefix=""

              20 chain=dstnat action=dst-nat to-addresses=192.168.2.222 to-ports=9100
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=10222 log=no
              log-prefix=""

              21 ;;; HL-3070CW Drucker Stadthalle Laser Color
              chain=dstnat action=dst-nat to-addresses=192.168.2.221 to-ports=9100
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=10221 log=no
              log-prefix=""

              22 chain=dstnat action=dst-nat to-addresses=192.168.2.221 to-ports=9100
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=10221 log=no
              log-prefix=""

              23 ;;; QNAP-Plex
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=32400
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=32400 log=no
              log-prefix=""

              24 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=32400
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=32400 log=no
              log-prefix=""

              25 ;;; QNAP-8082
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=8082
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=8082 log=no
              log-prefix=""

              26 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=8082
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=8082 log=no
              log-prefix=""

              27 ;;; QNAP-1194
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=1194
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=1194 log=no
              log-prefix=""

              28 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=1194
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=1194 log=no
              log-prefix=""

              29 ;;; QNAP-21 FTP
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=21
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=21 log=no log-prefix=""

              30 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=21
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=21 log=no log-prefix=""

              31 ;;; QNAP-80 HTTP
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=80
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=80 log=no log-prefix=""

              32 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=80
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=80 log=no log-prefix=""

              33 X ;;; QNAP-1723 VPN
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=1723
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=1723 log=no
              log-prefix=""

              34 X chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=1723
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=1723 log=no
              log-prefix=""

              35 ;;; QNAP-8080-8085 Port Bereichs Weiterleitung
              chain=dstnat action=dst-nat to-addresses=192.168.2.101
              to-ports=8080-8085 protocol=tcp dst-address=xx.xxx.xx.162
              dst-port=8080-8085 log=no log-prefix=""

              36 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=8080-808>
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=8080-8085 log=no
              log-prefix=""

              37 ;;; QNAP-6881-6889 Port Bereichs Weiterleitung
              chain=dstnat action=dst-nat to-addresses=192.168.2.101
              to-ports=6881-6889 protocol=tcp dst-address=xx.xxx.xx.162
              dst-port=6881-6889 log=no log-prefix=""

              38 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=6881-688>
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=6881-6889 log=no
              log-prefix=""

              39 ;;; QNAP SSL-Port Nummer443
              chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=443
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=443 log=no
              log-prefix=""

              40 chain=dstnat action=dst-nat to-addresses=192.168.2.101 to-ports=443
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=443 log=no
              log-prefix=""

              41 ;;; Homematic CCU2
              chain=dstnat action=dst-nat to-addresses=192.168.2.100 to-ports=2000
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=20100 log=no
              log-prefix=""

              42 chain=dstnat action=dst-nat to-addresses=192.168.2.100 to-ports=2000
              protocol=udp dst-address=xx.xxx.xx.162 dst-port=20100 log=no
              log-prefix=""

              43 X ;;; Ecobee Thermostat port weiterleitung 8089
              chain=dstnat action=accept log=no log-prefix=""

              44 ;;; UE-Radio Logitech Wohnzimmer NICHT ABSCHALTEN SONST GEHT RADIO NICHT
              chain=dstnat action=dst-nat to-addresses=192.168.2.22 to-ports=3483
              protocol=tcp dst-address=xx.xxx.xx.162 dst-port=3483,9000,9090
              src-mac-address=00:04:20:2D:01:33 log=no log-prefix=""

              45 ;;; UE-Radio Logitech Keller NICHT ABSCHALTEN SONST GEHT RADIO NICHT
              chain=dstnat action=dst-nat to-addresses=192.168.2.212 to-ports=3483
              protocol=tcp dst-address=xx.xxx.xx.1xxx dst-port=3483,9000,9090
              src-mac-address=00:04:20:2E:45:CC log=no log-prefix=""

              46 ;;; UE-Radio Logitech muss eingeschaltet sein
              chain=dstnat action=dst-nat to-addresses=192.168.2.22 to-ports=3483
              protocol=tcp dst-address=xx.xxx.xx.xxx src-address-list=79.125.16.68
              dst-port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              47 ;;; UE-Radio Logitech muss eingeschaltet sein
              chain=dstnat action=dst-nat to-addresses=192.168.2.22 to-ports=3483
              protocol=tcp dst-address=xx.xxx.xx.xxx src-address-list=176.34.103.114
              dst-port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              48 ;;; UE-Radio Logitech muss eingeschaltet sein
              chain=dstnat action=dst-nat to-addresses=192.168.2.22 to-ports=9000
              protocol=udp dst-address=xx.xxx.xx.xxx src-address-list=79.125.111.32
              dst-port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              49 ;;; UE-Radio Logitech muss eingeschaltet sein
              chain=dstnat action=dst-nat to-addresses=192.168.2.22 to-ports=9000
              protocol=udp dst-address=xx.xxx.xx.xxx src-address-list=176.34.103.114
              dst-port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              50 ;;; UE-Radio Logitech muss eingeschaltet sein
              chain=dstnat action=dst-nat to-addresses=192.168.2.22 to-ports=9000
              protocol=udp dst-address=xx.xxx.xx.xxx src-address-list=79.125.16.68
              dst-port=3483,9000,9090 src-mac-address=00:04:20:2D:01:33 log=no
              log-prefix=""

              51 X ;;; Mikrotik-1723 VPN
              chain=dstnat action=dst-nat to-addresses=192.168.2.1 to-ports=1723
              protocol=tcp dst-address=xx.xxx.xx.xxx dst-port=1723 log=no
              log-prefix=""

              52 X chain=dstnat action=dst-nat to-addresses=192.168.2.1 to-ports=1723
              protocol=udp dst-address=xx.xxx.xx.xxx dst-port=1723 log=no
              log-prefix=""


              /ip firewall mangle

              /ip firewall service-port

              0 X ftp 21
              1 X tftp 69
              2 X irc 6667
              3 h323
              4 X sip 5060
              5061
              5 pptp

              /ip route
              0 ADS 0.0.0.0/0 xx.xxx.xx.1 1
              1 ADC xx.xx.xx.0/24 xx.xxx.xxx.162 ether1 0
              2 ADC 192.168.2.0/24 192.168.2.1 bridge Zelli-Lan 0
              3 ADC 192.168.3.0/24 192.168.3.1 bridge Gastro 0
              4 ADC 192.168.4.0/24 192.168.4.1 bridge Nachbar 0
              5 ADC 192.168.5.0/24 192.168.5.1 bridge Hotspot 0
              6 ADC 192.168.6.0/24 192.168.6.1 vlan6 Server-Dr... 0


I hope it is okay like this!
Best regards, Lightman
Many thanks in advance.
aqui 10.06.2015, updated at 11:31:32
Is the thread solved now? Just asking because the OP has now set it to "Solved" himself?!
lightman 10.06.2015 at 13:29:04
No, unfortunately not yet (my little 2-year-old daughter was playing with the mouse).
lightman 11.06.2015 at 16:06:26
Hello aqui, can you help me with my problem???

Kind regards, Lightman