Good day. I recently became the owner of an 8-port MikroTik RB2011UiAS-2HnD-IN router. I had not owned equipment of this class before, but I figured out the settings. I recently bought an MCS 350 underfloor-heating thermostat with remote connection over WiFi for my home. As was to be expected, the router by default blocked the thermostat's requests to the external cloud. The developers advised opening ports 1883 and 1350. Nothing complicated, it seemed: I went into the firewall NAT settings and made two rules, one for each port:
Chain: dstnat
Protocol: 6 (tcp)
Any. Port: 1883
In. Interface: All ethernet
Action: accept
I placed these two rules above the masquerade rule. In Quick Set mode I can see the thermostat's MAC address and signal level, but the thermostat is still not reachable from outside. What am I doing wrong? Thanks in advance for your attention to the problem.
Good evening. I am very much an amateur, but I managed to get the device working through open ports, via dstnat and action dst-nat, when I clicked the question mark to the left of the port number. With that everything worked, except the router's distribution of the internet itself. When I untick this option to the left of the port, the internet is restored, but the peripheral device's connection to the cloud is lost. What is wrong this time?
Good evening.
Code:
# dec/04/2019 22:44:04 by RouterOS 6.46
# software id = BTYQ-NLUH
#
# model = 2011UiAS-2HnD
# serial number = B9030A826222
/interface bridge
add admin-mac=74:4D:22:44:E6:40 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors mode=ap-bridge ssid=#### wireless-protocol=802.11
/interface wireless nstreme
set wlan1 enable-polling=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=###### wpa2-pre-shared-key=######
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
add name=dhcp ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no interface=bridge lease-time=8h name=dhcp1 relay=192.168.88.1
add address-pool=dhcp disabled=no interface=bridge name=dhcp2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf disabled=yes interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless access-list
add comment=350 interface=wlan1 mac-address=D8:A0:1D:47:9E:4C
add comment=Asmadey interface=wlan1 mac-address=B8:5D:0A:6F:2D:DD
add comment=Pioneer interface=wlan1 mac-address=00:09:B0:B7:26:6B
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24 ntp-server=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=193.171.23.163 secondary-ntp=85.114.26.194
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I left the settings under which the peripheral device has no exchange with the cloud:
# dec/05/2019 22:34:51 by RouterOS 6.46
# software id = BTYQ-NLUH
#
# model = 2011UiAS-2HnD
# serial number = B9030A826222
/interface bridge
add admin-mac=74:4D:28:5E:E6:40 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors mode=ap-bridge ssid=#### wireless-protocol=802.11
/interface wireless nstreme
set wlan1 enable-polling=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=##### wpa2-pre-shared-key=#####
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
add name=dhcp ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no interface=bridge lease-time=8h name=dhcp1 relay=192.168.88.1
add address-pool=dhcp disabled=no interface=bridge name=dhcp2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf disabled=yes interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless access-list
add comment=350 interface=wlan1 mac-address=D8:A0:1D:47:9E:4C
add comment=Asmadey interface=wlan1 mac-address=B8:5D:0A:6F:2D:DD
add comment=Pioneer interface=wlan1 mac-address=00:09:B0:B7:26:6B
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24 ntp-server=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=dst-nat chain=dstnat comment=350 port=1883 protocol=tcp to-ports=1883
add action=dst-nat chain=dstnat comment=350 port=1350 protocol=tcp to-ports=1350
add action=masquerade chain=srcnat out-interface=ether1 protocol=tcp
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=193.171.23.163 secondary-ntp=85.114.26.194
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
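An added example, not part of the thread and not MikroTik's own tooling: a small Python check that parses the `/ip firewall nat` section of a RouterOS export and reports how each rule is scoped, run here on the three NAT lines of the second export. It assumes one rule per line (no `\` continuations); the function names and finding texts are made up for this illustration.

```python
import shlex

# Constructed sample: the "/ip firewall nat" section of the second export in
# the thread, with the spacing restored.
EXPORT = """\
/ip firewall nat
add action=dst-nat chain=dstnat comment=350 port=1883 protocol=tcp to-ports=1883
add action=dst-nat chain=dstnat comment=350 port=1350 protocol=tcp to-ports=1350
add action=masquerade chain=srcnat out-interface=ether1 protocol=tcp
"""

# Matchers that restrict where a dst-nat rule applies.
SCOPE_KEYS = ("in-interface", "in-interface-list", "dst-address", "dst-address-list")


def parse_nat_rules(export):
    """Return the 'add' lines under /ip firewall nat as dicts of key -> value."""
    rules, in_nat = [], False
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_nat = line == "/ip firewall nat"
        elif in_nat and line.startswith("add "):
            # shlex keeps quoted values such as comment="a b" in one token
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            rules.append(dict(pairs))
    return rules


def audit(rule):
    """Return a list of findings for one NAT rule (empty list: nothing to report)."""
    findings = []
    action = rule.get("action")
    if action == "dst-nat":
        if "to-addresses" not in rule:
            findings.append("dst-nat names no to-addresses (no LAN host as target)")
        if not any(key in rule for key in SCOPE_KEYS):
            findings.append("dst-nat has no in-interface or dst-address scope")
        if "port" in rule:
            findings.append("port= matches source or destination port; dst-port= is narrower")
    if action == "masquerade" and "protocol" in rule:
        findings.append("masquerade covers only protocol=%s" % rule["protocol"])
    return findings


def audit_export(export):
    """Return (comment, action, findings) for every NAT rule in the export."""
    return [(r.get("comment", ""), r.get("action"), audit(r)) for r in parse_nat_rules(export)]


if __name__ == "__main__":
    for comment, action, findings in audit_export(EXPORT):
        print(action, comment or "-", findings or "ok")
```

The masquerade line of the first export (`out-interface=ether1` with no `protocol=`) produces no finding, which is the only difference between the two srcnat rules in the thread.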